VirtualBox

Ticket #15181: VBoxHardening.log

File VBoxHardening.log, 409.6 KB (added by Michael, 9 years ago)

VBoxHardening.log

Line 
1ec4.22cc: Log file opened: 5.0.15r105696 g_hStartupLog=0000000000000188 g_uNtVerCombined=0xa0280000
2ec4.22cc: \SystemRoot\System32\ntdll.dll:
3ec4.22cc: CreationTime: 2016-02-10T16:09:13.117360900Z
4ec4.22cc: LastWriteTime: 2016-01-31T06:24:08.504709500Z
5ec4.22cc: ChangeTime: 2016-02-11T14:10:54.615401700Z
6ec4.22cc: FileAttributes: 0x20
7ec4.22cc: Size: 0x1bd870
8ec4.22cc: NT Headers: 0xd8
9ec4.22cc: Timestamp: 0x56ad9704
10ec4.22cc: Machine: 0x8664 - amd64
11ec4.22cc: Timestamp: 0x56ad9704
12ec4.22cc: Image Version: 10.0
13ec4.22cc: SizeOfImage: 0x1c2000 (1843200)
14ec4.22cc: Resource Dir: 0x15b000 LB 0x65718
15ec4.22cc: ProductName: Microsoft® Windows® Operating System
16ec4.22cc: ProductVersion: 10.0.10240.16683
17ec4.22cc: FileVersion: 10.0.10240.16683 (th1.160130-1842)
18ec4.22cc: FileDescription: NT Layer DLL
19ec4.22cc: \SystemRoot\System32\kernel32.dll:
20ec4.22cc: CreationTime: 2015-07-10T10:59:59.699781600Z
21ec4.22cc: LastWriteTime: 2015-07-10T10:59:59.699781600Z
22ec4.22cc: ChangeTime: 2015-10-15T19:02:10.329046900Z
23ec4.22cc: FileAttributes: 0x20
24ec4.22cc: Size: 0xab830
25ec4.22cc: NT Headers: 0xf0
26ec4.22cc: Timestamp: 0x559f38ad
27ec4.22cc: Machine: 0x8664 - amd64
28ec4.22cc: Timestamp: 0x559f38ad
29ec4.22cc: Image Version: 10.0
30ec4.22cc: SizeOfImage: 0xad000 (708608)
31ec4.22cc: Resource Dir: 0xab000 LB 0x518
32ec4.22cc: ProductName: Microsoft® Windows® Operating System
33ec4.22cc: ProductVersion: 10.0.10240.16384
34ec4.22cc: FileVersion: 10.0.10240.16384 (th1.150709-1700)
35ec4.22cc: FileDescription: Windows NT BASE API Client DLL
36ec4.22cc: \SystemRoot\System32\KernelBase.dll:
37ec4.22cc: CreationTime: 2016-02-10T16:09:21.487858200Z
38ec4.22cc: LastWriteTime: 2016-01-31T06:25:52.401093100Z
39ec4.22cc: ChangeTime: 2016-02-11T14:10:53.734945600Z
40ec4.22cc: FileAttributes: 0x20
41ec4.22cc: Size: 0x1dc880
42ec4.22cc: NT Headers: 0xf0
43ec4.22cc: Timestamp: 0x56ad97a2
44ec4.22cc: Machine: 0x8664 - amd64
45ec4.22cc: Timestamp: 0x56ad97a2
46ec4.22cc: Image Version: 10.0
47ec4.22cc: SizeOfImage: 0x1dd000 (1953792)
48ec4.22cc: Resource Dir: 0x1c7000 LB 0x530
49ec4.22cc: ProductName: Microsoft® Windows® Operating System
50ec4.22cc: ProductVersion: 10.0.10240.16683
51ec4.22cc: FileVersion: 10.0.10240.16683 (th1.160130-1842)
52ec4.22cc: FileDescription: Windows NT BASE API Client DLL
53ec4.22cc: \SystemRoot\System32\apisetschema.dll:
54ec4.22cc: CreationTime: 2015-07-10T11:00:04.872098600Z
55ec4.22cc: LastWriteTime: 2015-07-10T11:00:04.872098600Z
56ec4.22cc: ChangeTime: 2015-09-17T19:57:55.812595100Z
57ec4.22cc: FileAttributes: 0x20
58ec4.22cc: Size: 0x16760
59ec4.22cc: NT Headers: 0xc8
60ec4.22cc: Timestamp: 0x559f3e3d
61ec4.22cc: Machine: 0x8664 - amd64
62ec4.22cc: Timestamp: 0x559f3e3d
63ec4.22cc: Image Version: 10.0
64ec4.22cc: SizeOfImage: 0x17000 (94208)
65ec4.22cc: Resource Dir: 0x16000 LB 0x3f0
66ec4.22cc: ProductName: Microsoft® Windows® Operating System
67ec4.22cc: ProductVersion: 10.0.10240.16384
68ec4.22cc: FileVersion: 10.0.10240.16384 (th1.150709-1700)
69ec4.22cc: FileDescription: ApiSet Schema DLL
70ec4.22cc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71ec4.22cc: supR3HardenedWinFindAdversaries: 0x100
72ec4.22cc: \SystemRoot\System32\drivers\avgidsdrivera.sys:
73ec4.22cc: CreationTime: 2015-08-19T15:52:30.000000000Z
74ec4.22cc: LastWriteTime: 2015-08-19T15:52:30.000000000Z
75ec4.22cc: ChangeTime: 2015-09-18T14:29:12.324950100Z
76ec4.22cc: FileAttributes: 0x80
77ec4.22cc: Size: 0x4c7b0
78ec4.22cc: NT Headers: 0xe8
79ec4.22cc: Timestamp: 0x55d451da
80ec4.22cc: Machine: 0x8664 - amd64
81ec4.22cc: Timestamp: 0x55d451da
82ec4.22cc: Image Version: 6.2
83ec4.22cc: SizeOfImage: 0x53000 (339968)
84ec4.22cc: Resource Dir: 0x51000 LB 0x554
85ec4.22cc: ProductName: AVG Internet Security
86ec4.22cc: ProductVersion: 15.0.0.6137
87ec4.22cc: FileVersion: 15.0.0.6137
88ec4.22cc: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av
89ec4.22cc: PrivateBuild: x64 Release_Unicode_DRIVER
90ec4.22cc: FileDescription: AVG IDS Application Activity Monitor Driver.
91ec4.22cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
92ec4.22cc: Calling main()
93ec4.22cc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
94ec4.22cc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
95ec4.22cc: SUPR3HardenedMain: Respawn #1
96ec4.22cc: System32: \Device\HarddiskVolume2\Windows\System32
97ec4.22cc: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
98ec4.22cc: KnownDllPath: C:\WINDOWS\system32
99ec4.22cc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
100ec4.22cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
101ec4.22cc: supR3HardNtEnableThreadCreation:
102ec4.22cc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff922f7be60 pvNtTerminateThread=00007ff922fa3d50
103ec4.22cc: supR3HardenedWinDoReSpawn(1): New child ebc.2a50 [kernel32].
104ec4.22cc: supR3HardNtChildGatherData: PebBaseAddress=00007ff74aa0d000 cbPeb=0x388
105ec4.22cc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff922f10000 uNtDllChildAddr=00007ff922f10000
106ec4.22cc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff922f7be60
107ec4.22cc: supR3HardenedWinSetupChildInit: Start child.
108ec4.22cc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
109ec4.22cc: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 59 sleeps
110ec4.22cc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
111ec4.22cc: *0000000000000000-fffffffffffaffff 0x0001/0x0000 0x0000000
112ec4.22cc: *0000000000050000-000000000002ffff 0x0004/0x0004 0x0020000
113ec4.22cc: *0000000000070000-000000000005bfff 0x0002/0x0002 0x0040000
114ec4.22cc: 0000000000084000-0000000000077fff 0x0001/0x0000 0x0000000
115ec4.22cc: *0000000000090000-fffffffffff93fff 0x0000/0x0004 0x0020000
116ec4.22cc: 000000000018c000-0000000000188fff 0x0104/0x0004 0x0020000
117ec4.22cc: 000000000018f000-000000000018dfff 0x0004/0x0004 0x0020000
118ec4.22cc: *0000000000190000-000000000018bfff 0x0002/0x0002 0x0040000
119ec4.22cc: 0000000000194000-0000000000187fff 0x0001/0x0000 0x0000000
120ec4.22cc: *00000000001a0000-000000000019dfff 0x0004/0x0004 0x0020000
121ec4.22cc: 00000000001a2000-ffffffff80363fff 0x0001/0x0000 0x0000000
122ec4.22cc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
123ec4.22cc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
124ec4.22cc: 000000007fff0000-ffff8009b55fffff 0x0001/0x0000 0x0000000
125ec4.22cc: *00007ff74a9e0000-00007ff74a9bcfff 0x0002/0x0002 0x0040000
126ec4.22cc: 00007ff74aa03000-00007ff74a9f8fff 0x0001/0x0000 0x0000000
127ec4.22cc: *00007ff74aa0d000-00007ff74aa0bfff 0x0004/0x0004 0x0020000
128ec4.22cc: *00007ff74aa0e000-00007ff74aa0bfff 0x0004/0x0004 0x0020000
129ec4.22cc: 00007ff74aa10000-00007ff749dbffff 0x0001/0x0000 0x0000000
130ec4.22cc: *00007ff74b660000-00007ff74b660fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131ec4.22cc: 00007ff74b661000-00007ff74b6e7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
132ec4.22cc: 00007ff74b6e8000-00007ff74b6e8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
133ec4.22cc: 00007ff74b6e9000-00007ff74b733fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
134ec4.22cc: 00007ff74b734000-00007ff74b734fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
135ec4.22cc: 00007ff74b735000-00007ff74b735fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
136ec4.22cc: 00007ff74b736000-00007ff74b73afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
137ec4.22cc: 00007ff74b73b000-00007ff74b73bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
138ec4.22cc: 00007ff74b73c000-00007ff74b73cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
139ec4.22cc: 00007ff74b73d000-00007ff74b740fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
140ec4.22cc: 00007ff74b741000-00007ff74b78bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
141ec4.22cc: 00007ff74b78c000-00007ff574007fff 0x0001/0x0000 0x0000000
142ec4.22cc: *00007ff922f10000-00007ff922f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
143ec4.22cc: 00007ff922f11000-00007ff92300dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
144ec4.22cc: 00007ff92300e000-00007ff92304ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
145ec4.22cc: 00007ff923050000-00007ff923058fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
146ec4.22cc: 00007ff923059000-00007ff923066fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
147ec4.22cc: 00007ff923067000-00007ff923067fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
148ec4.22cc: 00007ff923068000-00007ff92306afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
149ec4.22cc: 00007ff92306b000-00007ff9230d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
150ec4.22cc: 00007ff9230d2000-00007ff2461c3fff 0x0001/0x0000 0x0000000
151ec4.22cc: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
152ec4.22cc: VirtualBox.exe: timestamp 0x56ce765d (rc=VINF_SUCCESS)
153ec4.22cc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
154ec4.22cc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
155ec4.22cc: supR3HardNtChildPurify: Done after 558 ms and 0 fixes (loop #0).
156ebc.2a50: Log file opened: 5.0.15r105696 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
157ec4.22cc: supR3HardNtEnableThreadCreation:
158ebc.2a50: supR3HardenedVmProcessInit: uNtDllAddr=00007ff922f10000 g_uNtVerCombined=0xa0280000
159ebc.2a50: ntdll.dll: timestamp 0x56ad9704 (rc=VINF_SUCCESS)
160ebc.2a50: New simple heap: #1 00000000002b0000 LB 0x400000 (for 1843200 allocation)
161ebc.2a50: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
162ebc.2a50: System32: \Device\HarddiskVolume2\Windows\System32
163ebc.2a50: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
164ebc.2a50: KnownDllPath: C:\WINDOWS\system32
165ebc.2a50: supR3HardenedVmProcessInit: Opening vboxdrv stub...
166ebc.2a50: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
167ebc.2a50: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
168ebc.2a50: Registered Dll notification callback with NTDLL.
169ebc.2a50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
170ebc.2a50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
171ebc.2a50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
172ebc.2a50: supR3HardenedDllNotificationCallback: load 00007ff91fd00000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
173ebc.2a50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
174ebc.2a50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
175ebc.2a50: supR3HardenedDllNotificationCallback: load 00007ff922a00000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
176ebc.2a50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
177ebc.2a50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922a00000 'C:\WINDOWS\system32\KERNEL32.DLL'
178ebc.2a50: supR3HardenedDllNotificationCallback: load 00007ff74b660000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
179ebc.2a50: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
180ebc.2a50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
181ebc.2a50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
182ebc.2a50: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff922f7be60 pvNtTerminateThread=00007ff922fa3d50
183ec4.22cc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 94 ms.
184ebc.2a50: \SystemRoot\System32\ntdll.dll:
185ebc.2a50: CreationTime: 2016-02-10T16:09:13.117360900Z
186ebc.2a50: LastWriteTime: 2016-01-31T06:24:08.504709500Z
187ebc.2a50: ChangeTime: 2016-02-11T14:10:54.615401700Z
188ebc.2a50: FileAttributes: 0x20
189ebc.2a50: Size: 0x1bd870
190ebc.2a50: NT Headers: 0xd8
191ebc.2a50: Timestamp: 0x56ad9704
192ebc.2a50: Machine: 0x8664 - amd64
193ebc.2a50: Timestamp: 0x56ad9704
194ebc.2a50: Image Version: 10.0
195ebc.2a50: SizeOfImage: 0x1c2000 (1843200)
196ebc.2a50: Resource Dir: 0x15b000 LB 0x65718
197ebc.2a50: ProductName: Microsoft® Windows® Operating System
198ebc.2a50: ProductVersion: 10.0.10240.16683
199ebc.2a50: FileVersion: 10.0.10240.16683 (th1.160130-1842)
200ebc.2a50: FileDescription: NT Layer DLL
201ebc.2a50: \SystemRoot\System32\kernel32.dll:
202ebc.2a50: CreationTime: 2015-07-10T10:59:59.699781600Z
203ebc.2a50: LastWriteTime: 2015-07-10T10:59:59.699781600Z
204ebc.2a50: ChangeTime: 2015-10-15T19:02:10.329046900Z
205ebc.2a50: FileAttributes: 0x20
206ebc.2a50: Size: 0xab830
207ebc.2a50: NT Headers: 0xf0
208ebc.2a50: Timestamp: 0x559f38ad
209ebc.2a50: Machine: 0x8664 - amd64
210ebc.2a50: Timestamp: 0x559f38ad
211ebc.2a50: Image Version: 10.0
212ebc.2a50: SizeOfImage: 0xad000 (708608)
213ebc.2a50: Resource Dir: 0xab000 LB 0x518
214ebc.2a50: ProductName: Microsoft® Windows® Operating System
215ebc.2a50: ProductVersion: 10.0.10240.16384
216ebc.2a50: FileVersion: 10.0.10240.16384 (th1.150709-1700)
217ebc.2a50: FileDescription: Windows NT BASE API Client DLL
218ebc.2a50: \SystemRoot\System32\KernelBase.dll:
219ebc.2a50: CreationTime: 2016-02-10T16:09:21.487858200Z
220ebc.2a50: LastWriteTime: 2016-01-31T06:25:52.401093100Z
221ebc.2a50: ChangeTime: 2016-02-11T14:10:53.734945600Z
222ebc.2a50: FileAttributes: 0x20
223ebc.2a50: Size: 0x1dc880
224ebc.2a50: NT Headers: 0xf0
225ebc.2a50: Timestamp: 0x56ad97a2
226ebc.2a50: Machine: 0x8664 - amd64
227ebc.2a50: Timestamp: 0x56ad97a2
228ebc.2a50: Image Version: 10.0
229ebc.2a50: SizeOfImage: 0x1dd000 (1953792)
230ebc.2a50: Resource Dir: 0x1c7000 LB 0x530
231ebc.2a50: ProductName: Microsoft® Windows® Operating System
232ebc.2a50: ProductVersion: 10.0.10240.16683
233ebc.2a50: FileVersion: 10.0.10240.16683 (th1.160130-1842)
234ebc.2a50: FileDescription: Windows NT BASE API Client DLL
235ebc.2a50: \SystemRoot\System32\apisetschema.dll:
236ebc.2a50: CreationTime: 2015-07-10T11:00:04.872098600Z
237ebc.2a50: LastWriteTime: 2015-07-10T11:00:04.872098600Z
238ebc.2a50: ChangeTime: 2015-09-17T19:57:55.812595100Z
239ebc.2a50: FileAttributes: 0x20
240ebc.2a50: Size: 0x16760
241ebc.2a50: NT Headers: 0xc8
242ebc.2a50: Timestamp: 0x559f3e3d
243ebc.2a50: Machine: 0x8664 - amd64
244ebc.2a50: Timestamp: 0x559f3e3d
245ebc.2a50: Image Version: 10.0
246ebc.2a50: SizeOfImage: 0x17000 (94208)
247ebc.2a50: Resource Dir: 0x16000 LB 0x3f0
248ebc.2a50: ProductName: Microsoft® Windows® Operating System
249ebc.2a50: ProductVersion: 10.0.10240.16384
250ebc.2a50: FileVersion: 10.0.10240.16384 (th1.150709-1700)
251ebc.2a50: FileDescription: ApiSet Schema DLL
252ebc.2a50: NtOpenDirectoryObject failed on \Driver: 0xc0000022
253ebc.2a50: supR3HardenedWinFindAdversaries: 0x100
254ebc.2a50: \SystemRoot\System32\drivers\avgidsdrivera.sys:
255ebc.2a50: CreationTime: 2015-08-19T15:52:30.000000000Z
256ebc.2a50: LastWriteTime: 2015-08-19T15:52:30.000000000Z
257ebc.2a50: ChangeTime: 2015-09-18T14:29:12.324950100Z
258ebc.2a50: FileAttributes: 0x80
259ebc.2a50: Size: 0x4c7b0
260ebc.2a50: NT Headers: 0xe8
261ebc.2a50: Timestamp: 0x55d451da
262ebc.2a50: Machine: 0x8664 - amd64
263ebc.2a50: Timestamp: 0x55d451da
264ebc.2a50: Image Version: 6.2
265ebc.2a50: SizeOfImage: 0x53000 (339968)
266ebc.2a50: Resource Dir: 0x51000 LB 0x554
267ebc.2a50: ProductName: AVG Internet Security
268ebc.2a50: ProductVersion: 15.0.0.6137
269ebc.2a50: FileVersion: 15.0.0.6137
270ebc.2a50: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av
271ebc.2a50: PrivateBuild: x64 Release_Unicode_DRIVER
272ebc.2a50: FileDescription: AVG IDS Application Activity Monitor Driver.
273ebc.2a50: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
274ebc.2a50: Calling main()
275ebc.2a50: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
276ebc.2a50: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
277ebc.2a50: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
278ebc.2a50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
279ebc.2a50: SUPR3HardenedMain: Respawn #2
280ebc.2a50: supR3HardNtEnableThreadCreation:
281ebc.2a50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
282ebc.2a50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
283ebc.2a50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
284ebc.2a50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
285ebc.2a50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
286ebc.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
287ebc.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
288ebc.2a50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
289ebc.2a50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
290ebc.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
291ebc.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
292ebc.2a50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
293ebc.2a50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
294ebc.2a50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
295ebc.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
296ebc.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
297ebc.2a50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
298ebc.2a50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
299ebc.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
300ebc.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
301ebc.2a50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
302ebc.2a50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
303ebc.2a50: supR3HardenedDllNotificationCallback: load 00007ff922390000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
304ebc.2a50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
305ebc.2a50: supR3HardenedDllNotificationCallback: load 00007ff922710000 LB 0x00126000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
306ebc.2a50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
307ebc.2a50: supR3HardenedDllNotificationCallback: load 00007ff922840000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
308ebc.2a50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
309ebc.2a50: supR3HardenedDllNotificationCallback: load 00007ff922b10000 LB 0x000a6000 C:\WINDOWS\system32\ADVAPI32.DLL [fFlags=0x0]
310ebc.2a50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
311ebc.2a50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922b10000 'C:\WINDOWS\system32\ADVAPI32.DLL'
312ebc.2a50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
313ebc.2a50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
314ebc.2a50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
315ebc.2a50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
316ebc.2a50: supR3HardenedDllNotificationCallback: load 00007ff91e070000 LB 0x00078000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
317ebc.2a50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
318ebc.2a50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91e070000 'C:\WINDOWS\system32\apphelp.dll'
319ebc.2a50: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff922f7be60 pvNtTerminateThread=00007ff922fa3d50
320ebc.2a50: supR3HardenedWinDoReSpawn(2): New child 2560.938 [kernel32].
321ebc.2a50: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
322ebc.2a50: supR3HardNtChildGatherData: PebBaseAddress=00007ff74abbb000 cbPeb=0x388
323ebc.2a50: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff922f10000 uNtDllChildAddr=00007ff922f10000
324ebc.2a50: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff922f7be60
325ebc.2a50: supR3HardenedWinSetupChildInit: Start child.
326ebc.2a50: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
327ebc.2a50: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 59 sleeps
328ebc.2a50: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
329ebc.2a50: *0000000000000000-ffffffffff4cffff 0x0001/0x0000 0x0000000
330ebc.2a50: *0000000000b30000-0000000000b0ffff 0x0004/0x0004 0x0020000
331ebc.2a50: *0000000000b50000-0000000000b3bfff 0x0002/0x0002 0x0040000
332ebc.2a50: 0000000000b64000-0000000000b57fff 0x0001/0x0000 0x0000000
333ebc.2a50: *0000000000b70000-0000000000a73fff 0x0000/0x0004 0x0020000
334ebc.2a50: 0000000000c6c000-0000000000c68fff 0x0104/0x0004 0x0020000
335ebc.2a50: 0000000000c6f000-0000000000c6dfff 0x0004/0x0004 0x0020000
336ebc.2a50: *0000000000c70000-0000000000c6bfff 0x0002/0x0002 0x0040000
337ebc.2a50: 0000000000c74000-0000000000c67fff 0x0001/0x0000 0x0000000
338ebc.2a50: *0000000000c80000-0000000000c7dfff 0x0004/0x0004 0x0020000
339ebc.2a50: 0000000000c82000-ffffffff81923fff 0x0001/0x0000 0x0000000
340ebc.2a50: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
341ebc.2a50: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
342ebc.2a50: 000000007fff0000-ffff8009b544ffff 0x0001/0x0000 0x0000000
343ebc.2a50: *00007ff74ab90000-00007ff74ab6cfff 0x0002/0x0002 0x0040000
344ebc.2a50: 00007ff74abb3000-00007ff74abaafff 0x0001/0x0000 0x0000000
345ebc.2a50: *00007ff74abbb000-00007ff74abb9fff 0x0004/0x0004 0x0020000
346ebc.2a50: 00007ff74abbc000-00007ff74abb9fff 0x0001/0x0000 0x0000000
347ebc.2a50: *00007ff74abbe000-00007ff74abbbfff 0x0004/0x0004 0x0020000
348ebc.2a50: 00007ff74abc0000-00007ff74a11ffff 0x0001/0x0000 0x0000000
349ebc.2a50: *00007ff74b660000-00007ff74b660fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
350ebc.2a50: 00007ff74b661000-00007ff74b6e7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
351ebc.2a50: 00007ff74b6e8000-00007ff74b6e8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
352ebc.2a50: 00007ff74b6e9000-00007ff74b733fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
353ebc.2a50: 00007ff74b734000-00007ff74b734fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
354ebc.2a50: 00007ff74b735000-00007ff74b735fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
355ebc.2a50: 00007ff74b736000-00007ff74b73afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
356ebc.2a50: 00007ff74b73b000-00007ff74b73bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
357ebc.2a50: 00007ff74b73c000-00007ff74b73cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
358ebc.2a50: 00007ff74b73d000-00007ff74b740fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
359ebc.2a50: 00007ff74b741000-00007ff74b78bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
360ebc.2a50: 00007ff74b78c000-00007ff574007fff 0x0001/0x0000 0x0000000
361ebc.2a50: *00007ff922f10000-00007ff922f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
362ebc.2a50: 00007ff922f11000-00007ff92300dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
363ebc.2a50: 00007ff92300e000-00007ff92304ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
364ebc.2a50: 00007ff923050000-00007ff923058fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
365ebc.2a50: 00007ff923059000-00007ff923066fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
366ebc.2a50: 00007ff923067000-00007ff923067fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
367ebc.2a50: 00007ff923068000-00007ff92306afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
368ebc.2a50: 00007ff92306b000-00007ff9230d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
369ebc.2a50: 00007ff9230d2000-00007ff2461c3fff 0x0001/0x0000 0x0000000
370ebc.2a50: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
371ebc.2a50: VirtualBox.exe: timestamp 0x56ce765d (rc=VINF_SUCCESS)
372ebc.2a50: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
373ebc.2a50: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
374ebc.2a50: supR3HardNtChildPurify: Done after 558 ms and 0 fixes (loop #0).
3752560.938: Log file opened: 5.0.15r105696 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
3762560.938: supR3HardenedVmProcessInit: uNtDllAddr=00007ff922f10000 g_uNtVerCombined=0xa0280000
3772560.938: ntdll.dll: timestamp 0x56ad9704 (rc=VINF_SUCCESS)
3782560.938: New simple heap: #1 0000000000d90000 LB 0x400000 (for 1843200 allocation)
379ebc.2a50: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002b0000 LB 0x400000)
380ebc.2a50: supR3HardNtEnableThreadCreation:
3812560.938: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3822560.938: System32: \Device\HarddiskVolume2\Windows\System32
3832560.938: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
3842560.938: KnownDllPath: C:\WINDOWS\system32
3852560.938: supR3HardenedVmProcessInit: Opening vboxdrv...
3862560.938: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3872560.938: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3882560.938: Registered Dll notification callback with NTDLL.
3892560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3902560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3912560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
3922560.938: supR3HardenedDllNotificationCallback: load 00007ff91fd00000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
3932560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3942560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3952560.938: supR3HardenedDllNotificationCallback: load 00007ff922a00000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
3962560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3972560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922a00000 'C:\WINDOWS\system32\KERNEL32.DLL'
3982560.938: supR3HardenedDllNotificationCallback: load 00007ff74b660000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3992560.938: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4002560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4012560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4022560.938: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff922f7be60 pvNtTerminateThread=00007ff922fa3d50
403ebc.2a50: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 106 ms.
4042560.938: \SystemRoot\System32\ntdll.dll:
4052560.938: CreationTime: 2016-02-10T16:09:13.117360900Z
4062560.938: LastWriteTime: 2016-01-31T06:24:08.504709500Z
4072560.938: ChangeTime: 2016-02-11T14:10:54.615401700Z
4082560.938: FileAttributes: 0x20
4092560.938: Size: 0x1bd870
4102560.938: NT Headers: 0xd8
4112560.938: Timestamp: 0x56ad9704
4122560.938: Machine: 0x8664 - amd64
4132560.938: Timestamp: 0x56ad9704
4142560.938: Image Version: 10.0
4152560.938: SizeOfImage: 0x1c2000 (1843200)
4162560.938: Resource Dir: 0x15b000 LB 0x65718
4172560.938: ProductName: Microsoft® Windows® Operating System
4182560.938: ProductVersion: 10.0.10240.16683
4192560.938: FileVersion: 10.0.10240.16683 (th1.160130-1842)
4202560.938: FileDescription: NT Layer DLL
4212560.938: \SystemRoot\System32\kernel32.dll:
4222560.938: CreationTime: 2015-07-10T10:59:59.699781600Z
4232560.938: LastWriteTime: 2015-07-10T10:59:59.699781600Z
4242560.938: ChangeTime: 2015-10-15T19:02:10.329046900Z
4252560.938: FileAttributes: 0x20
4262560.938: Size: 0xab830
4272560.938: NT Headers: 0xf0
4282560.938: Timestamp: 0x559f38ad
4292560.938: Machine: 0x8664 - amd64
4302560.938: Timestamp: 0x559f38ad
4312560.938: Image Version: 10.0
4322560.938: SizeOfImage: 0xad000 (708608)
4332560.938: Resource Dir: 0xab000 LB 0x518
4342560.938: ProductName: Microsoft® Windows® Operating System
4352560.938: ProductVersion: 10.0.10240.16384
4362560.938: FileVersion: 10.0.10240.16384 (th1.150709-1700)
4372560.938: FileDescription: Windows NT BASE API Client DLL
4382560.938: \SystemRoot\System32\KernelBase.dll:
4392560.938: CreationTime: 2016-02-10T16:09:21.487858200Z
4402560.938: LastWriteTime: 2016-01-31T06:25:52.401093100Z
4412560.938: ChangeTime: 2016-02-11T14:10:53.734945600Z
4422560.938: FileAttributes: 0x20
4432560.938: Size: 0x1dc880
4442560.938: NT Headers: 0xf0
4452560.938: Timestamp: 0x56ad97a2
4462560.938: Machine: 0x8664 - amd64
4472560.938: Timestamp: 0x56ad97a2
4482560.938: Image Version: 10.0
4492560.938: SizeOfImage: 0x1dd000 (1953792)
4502560.938: Resource Dir: 0x1c7000 LB 0x530
4512560.938: ProductName: Microsoft® Windows® Operating System
4522560.938: ProductVersion: 10.0.10240.16683
4532560.938: FileVersion: 10.0.10240.16683 (th1.160130-1842)
4542560.938: FileDescription: Windows NT BASE API Client DLL
4552560.938: \SystemRoot\System32\apisetschema.dll:
4562560.938: CreationTime: 2015-07-10T11:00:04.872098600Z
4572560.938: LastWriteTime: 2015-07-10T11:00:04.872098600Z
4582560.938: ChangeTime: 2015-09-17T19:57:55.812595100Z
4592560.938: FileAttributes: 0x20
4602560.938: Size: 0x16760
4612560.938: NT Headers: 0xc8
4622560.938: Timestamp: 0x559f3e3d
4632560.938: Machine: 0x8664 - amd64
4642560.938: Timestamp: 0x559f3e3d
4652560.938: Image Version: 10.0
4662560.938: SizeOfImage: 0x17000 (94208)
4672560.938: Resource Dir: 0x16000 LB 0x3f0
4682560.938: ProductName: Microsoft® Windows® Operating System
4692560.938: ProductVersion: 10.0.10240.16384
4702560.938: FileVersion: 10.0.10240.16384 (th1.150709-1700)
4712560.938: FileDescription: ApiSet Schema DLL
4722560.938: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4732560.938: supR3HardenedWinFindAdversaries: 0x100
4742560.938: \SystemRoot\System32\drivers\avgidsdrivera.sys:
4752560.938: CreationTime: 2015-08-19T15:52:30.000000000Z
4762560.938: LastWriteTime: 2015-08-19T15:52:30.000000000Z
4772560.938: ChangeTime: 2015-09-18T14:29:12.324950100Z
4782560.938: FileAttributes: 0x80
4792560.938: Size: 0x4c7b0
4802560.938: NT Headers: 0xe8
4812560.938: Timestamp: 0x55d451da
4822560.938: Machine: 0x8664 - amd64
4832560.938: Timestamp: 0x55d451da
4842560.938: Image Version: 6.2
4852560.938: SizeOfImage: 0x53000 (339968)
4862560.938: Resource Dir: 0x51000 LB 0x554
4872560.938: ProductName: AVG Internet Security
4882560.938: ProductVersion: 15.0.0.6137
4892560.938: FileVersion: 15.0.0.6137
4902560.938: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av
4912560.938: PrivateBuild: x64 Release_Unicode_DRIVER
4922560.938: FileDescription: AVG IDS Application Activity Monitor Driver.
4932560.938: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4942560.938: Calling main()
4952560.938: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4962560.938: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4972560.938: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4982560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4992560.938: SUPR3HardenedMain: Final process, opening VBoxDrv...
5002560.938: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d90000 LB 0x400000)
5012560.938: supR3HardNtEnableThreadCreation:
5022560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
5032560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
5042560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5052560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5062560.938: supR3HardenedDllNotificationCallback: load 00007ff90a690000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
5072560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5082560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5092560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5102560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a690000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5112560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5122560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5132560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a690000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5142560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a690000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5152560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5162560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
5172560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
5182560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
5192560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
5202560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
5212560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5222560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5232560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
5242560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
5252560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5262560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5272560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5282560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
5292560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
5302560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
5312560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5322560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5332560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
5342560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
5352560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5362560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5372560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
5382560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
5392560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5402560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5412560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5422560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5432560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5442560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5452560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5462560.938: supR3HardenedDllNotificationCallback: load 00007ff922390000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
5472560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5482560.938: supR3HardenedDllNotificationCallback: load 00007ff91f920000 LB 0x00011000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
5492560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5502560.938: supR3HardenedDllNotificationCallback: load 00007ff91f9c0000 LB 0x001c1000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
5512560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5522560.938: supR3HardenedDllNotificationCallback: load 00007ff922710000 LB 0x00126000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
5532560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5542560.938: supR3HardenedDllNotificationCallback: load 00007ff91fca0000 LB 0x00054000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
5552560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5562560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\WINDOWS\system32\Wintrust.dll'
5572560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
5582560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
5592560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5602560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5612560.938: supR3HardenedDllNotificationCallback: load 00007ff91f460000 LB 0x00028000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
5622560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5632560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f460000 'C:\WINDOWS\system32\bcrypt.dll'
5642560.938: bcrypt.dll loaded at 00007ff91f460000, BCryptOpenAlgorithmProvider at 00007ff91f464a00, preloading providers:
5652560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
5662560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
5672560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5682560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5692560.938: supR3HardenedDllNotificationCallback: load 00007ff91f770000 LB 0x0006b000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
5702560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5712560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f770000 'C:\WINDOWS\system32\bcryptprimitives.dll'
5722560.938: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001219950)
5732560.938: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000121a010)
5742560.938: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000121a2e0)
5752560.938: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000121a640)
5762560.938: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000121b160)
5772560.938: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000121b470)
5782560.938: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000121b780)
5792560.938: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000121ba50)
5802560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5812560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5822560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
5832560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5842560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5852560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
5862560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5872560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5882560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
5892560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5902560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5912560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
5922560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5932560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5942560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
5952560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5962560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5972560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
5982560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5992560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6002560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
6012560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
6022560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
6032560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
6042560.938: supR3HardenedDllNotificationCallback: load 00007ff91f1f0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
6052560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6062560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
6072560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
6082560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
6092560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6102560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6112560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6122560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6132560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6142560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6152560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6162560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6172560.938: supR3HardenedDllNotificationCallback: load 00007ff91ee40000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
6182560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6192560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
6202560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
6212560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
6222560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
6232560.938: supR3HardenedDllNotificationCallback: load 00007ff91f360000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
6242560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6252560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6262560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
6272560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
6282560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6292560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6302560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922a00000 'C:\WINDOWS\system32\kernel32.dll'
6312560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6322560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
6332560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6342560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6352560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\CRYPT32.dll'
6362560.938: supR3HardenedDllNotificationCallback: load 00007ff920690000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
6372560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6382560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
6392560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
6402560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6412560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6422560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6432560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6442560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6452560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
6462560.938: supR3HardenedDllNotificationCallback: load 00007ff922840000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
6472560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
6482560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
6492560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
6502560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6512560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
6522560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
6532560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
6542560.938: supR3HardenedDllNotificationCallback: load 00007ff91e840000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
6552560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
6562560.938: supR3HardenedDllNotificationCallback: load 00007ff91f940000 LB 0x00013000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
6572560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
6582560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
6592560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6602560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
6612560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'wldap32.dll'.
6622560.938: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
6632560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
6642560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
6652560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
6662560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6672560.938: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
6682560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
6692560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6702560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6712560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6722560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6732560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6742560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6752560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6762560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6772560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6782560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6792560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6802560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6812560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6822560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6832560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6842560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6852560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6862560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6872560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6882560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6892560.938: supR3HardenedDllNotificationCallback: load 00007ff922ab0000 LB 0x0005b000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0]
6902560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
6912560.938: supR3HardenedDllNotificationCallback: load 00007ff904e10000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
6922560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6932560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6942560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6952560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\WINDOWS\system32\cryptnet.dll'
6962560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6972560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6982560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\WINDOWS\system32\cryptnet.dll'
6992560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7002560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7012560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\WINDOWS\system32\cryptnet.dll'
7022560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7032560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7042560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\WINDOWS\system32\cryptnet.dll'
7052560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7062560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7072560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\WINDOWS\system32\cryptnet.dll'
7082560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7092560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7102560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\WINDOWS\system32\cryptnet.dll'
7112560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7122560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\WINDOWS\system32\cryptnet.dll'
7132560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7142560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\WINDOWS\system32\cryptnet.dll'
7152560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7162560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\WINDOWS\system32\cryptnet.dll'
7172560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7182560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\WINDOWS\system32\cryptnet.dll'
7192560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7202560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\WINDOWS\system32\cryptnet.dll'
7212560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\WINDOWS\system32\cryptnet.dll'
7222560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7232560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\Windows\System32\cryptnet.dll'
7242560.938: supR3HardenedDllNotificationCallback: load 00007ff922b10000 LB 0x000a6000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0]
7252560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7262560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
7272560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
7282560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
7292560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
7302560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7312560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7322560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7332560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7342560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
7352560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
7362560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
7372560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7382560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7392560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7402560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7412560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
7422560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7432560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7442560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
7452560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
7462560.938: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000125f710
7472560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
7482560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7FF0F5AB03F344F0BBD6BC394AC558110A7962A2
7492560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7502560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7512560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922710000 'C:\WINDOWS\system32\rpcrt4.dll'
7522560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7532560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
7542560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7552560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
7562560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7572560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
7582560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7592560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
7602560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7612560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
7622560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7632560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
7642560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7652560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7662560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
7672560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7682560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7692560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
7702560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7712560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7722560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
7732560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_816_for_KB3135174~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
7742560.938: g_pfnWinVerifyTrust=00007ff91fca8890
7752560.938: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
7762560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7772560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7782560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
7792560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7802560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7812560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
7822560.938: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
7832560.938: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
7842560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7852560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7862560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
7872560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7882560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7892560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
7902560.938: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
7912560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7922560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7932560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
7942560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
7952560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
7962560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
7972560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
7982560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
7992560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E30C00BB3189B639214835B4F4C320DEC5BFA77
8002560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8012560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8022560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8032560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
8042560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
8052560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
8062560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000370 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
8072560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
8082560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
8092560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5997BB270A09A76A71A9EE8A7ADB154F3D75EEF3
8102560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8112560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8122560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8132560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
8142560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
8152560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
8162560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8172560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8182560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8192560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
8202560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8212560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8222560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8232560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
8242560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8252560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8262560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8272560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
8282560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8292560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8302560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8312560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
8322560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8332560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8342560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
8352560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8362560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8372560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
8382560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8392560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8402560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8412560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8422560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
8432560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8442560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8452560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
8462560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8472560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8482560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
8492560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8502560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8512560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
8522560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8532560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8542560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
8552560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8562560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8572560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
8582560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8592560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8602560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
8612560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8622560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
8632560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8642560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
8652560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8662560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8672560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
8682560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
8692560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8702560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
8712560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
8722560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
8732560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
8742560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
8752560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
8762560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
8772560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
8782560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
8792560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x9202266998c7a700 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies
8802560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
8812560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
8822560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
8832560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
8842560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
8852560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
8862560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
8872560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
8882560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
8892560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
8902560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
8912560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
8922560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
8932560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
8942560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
8952560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
8962560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
8972560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
8982560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
8992560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
9002560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
9012560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
9022560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
9032560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
9042560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
9052560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
9062560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
9072560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
9082560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
9092560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
9102560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
9112560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
9122560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
9132560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
9142560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
9152560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
9162560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
9172560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
9182560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
9192560.938: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
9202560.938: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
9212560.938: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=49
9222560.938: SUPR3HardenedMain: Load Runtime...
9232560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
9242560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9252560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
9262560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
9272560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
9282560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
9292560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9302560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9312560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9322560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
9332560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
9342560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
9352560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
9362560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
9372560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
9382560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
9392560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
9402560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
9412560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
9422560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
9432560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9442560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9452560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
9462560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
9472560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
9482560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
9492560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
9502560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
9512560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
9522560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9532560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
9542560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
9552560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9562560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9572560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9582560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9592560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9602560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
9612560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
9622560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
9632560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
9642560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
9652560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9662560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9672560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
9682560.938: supR3HardenedDllNotificationCallback: load 0000000059960000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
9692560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9702560.938: supR3HardenedDllNotificationCallback: load 0000000059a40000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
9712560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
9722560.938: supR3HardenedDllNotificationCallback: load 00007ff920660000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
9732560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
9742560.938: supR3HardenedDllNotificationCallback: load 00007ff922bc0000 LB 0x00069000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
9752560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
9762560.938: supR3HardenedDllNotificationCallback: load 00007ff8e8590000 LB 0x00563000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
9772560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9782560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9792560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
9802560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
9812560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rescheduled]
9822560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9832560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9842560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9852560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9862560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9872560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9882560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9892560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9902560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9912560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9922560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9932560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9942560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9952560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9962560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9972560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9982560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9992560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10002560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10012560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10022560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10032560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10042560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10052560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10062560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10072560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
10082560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10092560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10102560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10112560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10122560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10132560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10142560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10152560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10162560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10172560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10182560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10192560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10202560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10212560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10222560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10232560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10242560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10252560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
10262560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10272560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10282560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10292560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10302560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10312560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\WINDOWS\system32\Wintrust.dll'
10322560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
10332560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
10342560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
10352560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10362560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
10372560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
10382560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
10392560.938: SUPR3HardenedMain: Load TrustedMain...
10402560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
10412560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
10422560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
10432560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
10442560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
10452560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
10462560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
10472560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
10482560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
10492560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
10502560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
10512560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
10522560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
10532560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
10542560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
10552560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
10562560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
10572560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
10582560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
10592560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
10602560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
10612560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
10622560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
10632560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
10642560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
10652560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
10662560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
10672560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
10682560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
10692560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
10702560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
10712560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
10722560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FB04581B04D596AF48472EA944B80B34E3DFD3B
10732560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10742560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10752560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
10762560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
10772560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
10782560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
10792560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10802560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10812560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
10822560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
10832560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
10842560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
10852560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10862560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
10872560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
10882560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
10892560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
10902560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
10912560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\devobj.dll'.
10922560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10932560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
10942560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
10952560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
10962560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10972560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10982560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10992560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11002560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
11012560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
11022560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
11032560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
11042560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11052560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11062560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11072560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
11082560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
11092560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
11102560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
11112560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
11122560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11132560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11142560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
11152560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
11162560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11172560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
11182560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_595_for_KB3124266~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
11192560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11202560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11212560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
11222560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
11232560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
11242560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
11252560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
11262560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
11272560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
11282560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
11292560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
11302560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11312560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11322560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
11332560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11342560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'user32.dll'.
11352560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'gdi32.dll'.
11362560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
11372560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
11382560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
11392560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
11402560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
11412560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
11422560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
11432560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
11442560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
11452560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
11462560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11472560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11482560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11492560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
11502560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
11512560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
11522560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
11532560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
11542560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
11552560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
11562560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
11572560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11582560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11592560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11602560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11612560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11622560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11632560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11642560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11652560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11662560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11672560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11682560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11692560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11702560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11712560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11722560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11732560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11742560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11752560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11762560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11772560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11782560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
11792560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11802560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11812560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11822560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11832560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11842560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11852560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11862560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11872560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
11882560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
11892560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11902560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
11912560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
11922560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
11932560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
11942560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11952560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11962560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11972560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11982560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
11992560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12002560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12012560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
12022560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12032560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
12042560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
12052560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
12062560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12072560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12082560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12092560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12102560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12112560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12122560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
12132560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
12142560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12152560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
12162560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
12172560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
12182560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
12192560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
12202560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
12212560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12222560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12232560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [redoing WinVerifyTrust]
12242560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12252560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12262560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
12272560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12282560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12292560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12302560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12312560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12322560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12332560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12342560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12352560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12362560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12372560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
12382560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
12392560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
12402560.938: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
12412560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12422560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12432560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12442560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12452560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12462560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
12472560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
12482560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
12492560.938: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
12502560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12512560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12522560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
12532560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
12542560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
12552560.938: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
12562560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
12572560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
12582560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
12592560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
12602560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
12612560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
12622560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
12632560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
12642560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
12652560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
12662560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
12672560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
12682560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
12692560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12702560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12712560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12722560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
12732560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
12742560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
12752560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12762560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
12772560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
12782560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
12792560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
12802560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
12812560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
12822560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
12832560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
12842560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
12852560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
12862560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12872560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
12882560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
12892560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
12902560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
12912560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
12922560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
12932560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
12942560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
12952560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
12962560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
12972560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
12982560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
12992560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
13002560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
13012560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13022560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13032560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
13042560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13052560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13062560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
13072560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13082560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13092560.938: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
13102560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13112560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
13122560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
13132560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
13142560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
13152560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
13162560.938: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
13172560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
13182560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13192560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13202560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
13212560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
13222560.938: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
13232560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13242560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
13252560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'.
13262560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'dciman32.dll'.
13272560.938: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
13282560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
13292560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
13302560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
13312560.938: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
13322560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13332560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
13342560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13352560.938: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
13362560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
13372560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13382560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13392560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
13402560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13412560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13422560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13432560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13442560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13452560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13462560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13472560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13482560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13492560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13502560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13512560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
13522560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
13532560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
13542560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13552560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13562560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
13572560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13582560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13592560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13602560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13612560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13622560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13632560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13642560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
13652560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
13662560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
13672560.938: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
13682560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13692560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
13702560.938: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
13712560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
13722560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13732560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13742560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
13752560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
13762560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
13772560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
13782560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
13792560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'msctf.dll'.
13802560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
13812560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
13822560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13832560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13842560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
13852560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
13862560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
13872560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
13882560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13892560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13902560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13912560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13922560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13932560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13942560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13952560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13962560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
13972560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
13982560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
13992560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14002560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14012560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14022560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14032560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14042560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14052560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14062560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14072560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
14082560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
14092560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msctf.dll'.
14102560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14112560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
14122560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
14132560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
14142560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
14152560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
14162560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14172560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14182560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
14192560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
14202560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
14212560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14222560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14232560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14242560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14252560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14262560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14272560.938: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
14282560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14292560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14302560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
14312560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
14322560.938: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
14332560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14342560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
14352560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14362560.938: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
14372560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
14382560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14392560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14402560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14412560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14422560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14432560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14442560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14452560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14462560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14472560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14482560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14492560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14502560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
14512560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
14522560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
14532560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14542560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14552560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14562560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14572560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
14582560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14592560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14602560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
14612560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14622560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
14632560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
14642560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
14652560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
14662560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
14672560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
14682560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
14692560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
14702560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
14712560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
14722560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
14732560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
14742560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
14752560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
14762560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
14772560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
14782560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14792560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14802560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14812560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14822560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14832560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14842560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
14852560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
14862560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
14872560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14882560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14892560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14902560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14912560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14922560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14932560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14942560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14952560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14962560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14972560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14982560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
14992560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
15002560.938: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [lacks WinVerifyTrust]
15012560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
15022560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
15032560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
15042560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
15052560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
15062560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
15072560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15082560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15092560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
15102560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
15112560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
15122560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
15132560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15142560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15152560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
15162560.938: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
15172560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15182560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15192560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
15202560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
15212560.938: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
15222560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15232560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15242560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15252560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15262560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15272560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15282560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15292560.938: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
15302560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000428 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
15312560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
15322560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
15332560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F0CC8DA0E67C8C01864C0783FA867C4BDCE0AAA
15342560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
15352560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
15362560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
15372560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15382560.938: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
15392560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
15402560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
15412560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
15422560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
15432560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [avoiding WinVerifyTrust]
15442560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
15452560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
15462560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
15472560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
15482560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll)
15492560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll
15502560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
15512560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
15522560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
15532560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
15542560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
15552560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
15562560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
15572560.938: supR3HardenedDllNotificationCallback: load 00007ff920ac0000 LB 0x0014e000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
15582560.938: supR3HardenedDllNotificationCallback: load 00007ff9206b0000 LB 0x00186000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
15592560.938: supR3HardenedDllNotificationCallback: load 00007ff90a050000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
15602560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
15612560.938: supR3HardenedDllNotificationCallback: load 00007ff901d40000 LB 0x000f6000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
15622560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
15632560.938: supR3HardenedDllNotificationCallback: load 00007ff905f00000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
15642560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
15652560.938: supR3HardenedDllNotificationCallback: load 00007ff9022c0000 LB 0x00128000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
15662560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
15672560.938: supR3HardenedDllNotificationCallback: load 00007ff920840000 LB 0x0027c000 C:\WINDOWS\system32\combase.dll [fFlags=0x0]
15682560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
15692560.938: supR3HardenedDllNotificationCallback: load 00007ff922dc0000 LB 0x00141000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
15702560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15712560.938: supR3HardenedDllNotificationCallback: load 00000000592c0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
15722560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
15732560.938: supR3HardenedDllNotificationCallback: load 00007ff91fb90000 LB 0x000b3000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0]
15742560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15752560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'combase.dll'.
15762560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
15772560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
15782560.938: supR3HardenedDllNotificationCallback: load 00007ff922430000 LB 0x00051000 C:\WINDOWS\system32\shlwapi.dll [fFlags=0x0]
15792560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
15802560.938: supR3HardenedDllNotificationCallback: load 00007ff90ce30000 LB 0x000aa000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\COMCTL32.dll [fFlags=0x0]
15812560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [avoiding WinVerifyTrust]
15822560.938: supR3HardenedDllNotificationCallback: load 00007ff91f9b0000 LB 0x0000f000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0]
15832560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
15842560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
15852560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
15862560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
15872560.938: supR3HardenedDllNotificationCallback: load 00007ff91f960000 LB 0x0004a000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0]
15882560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15892560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
15902560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
15912560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
15922560.938: supR3HardenedDllNotificationCallback: load 00007ff91fee0000 LB 0x00628000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0]
15932560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15942560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
15952560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
15962560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'profapi.dll'.
15972560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
15982560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
15992560.938: supR3HardenedDllNotificationCallback: load 00007ff920c20000 LB 0x01522000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
16002560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16012560.938: supR3HardenedDllNotificationCallback: load 00007ff922c30000 LB 0x000d7000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
16022560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
16032560.938: supR3HardenedDllNotificationCallback: load 00007ff922650000 LB 0x000be000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
16042560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16052560.938: supR3HardenedDllNotificationCallback: load 00007ff9228a0000 LB 0x0015c000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
16062560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
16072560.938: supR3HardenedDllNotificationCallback: load 00007ff920620000 LB 0x00036000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0]
16082560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
16092560.938: supR3HardenedDllNotificationCallback: load 00007ff91fc50000 LB 0x00044000 C:\WINDOWS\system32\cfgmgr32.dll [fFlags=0x0]
16102560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
16112560.938: supR3HardenedDllNotificationCallback: load 00007ff91e290000 LB 0x00027000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
16122560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
16132560.938: supR3HardenedDllNotificationCallback: load 00007ff91db00000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
16142560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
16152560.938: supR3HardenedDllNotificationCallback: load 00007ff91de40000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
16162560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16172560.938: supR3HardenedDllNotificationCallback: load 00007ff915fa0000 LB 0x00084000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
16182560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
16192560.938: supR3HardenedDllNotificationCallback: load 0000000058950000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
16202560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [avoiding WinVerifyTrust]
16212560.938: supR3HardenedDllNotificationCallback: load 0000000059880000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
16222560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
16232560.938: supR3HardenedDllNotificationCallback: load 00007ff8e3f70000 LB 0x00abe000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
16242560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
16252560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
16262560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
16272560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
16282560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
16292560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
16302560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
16312560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
16322560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
16332560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'.
16342560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [rescheduled]
16352560.938: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
16362560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rescheduled]
16372560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msctf.dll'.
16382560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rescheduled]
16392560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
16402560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
16412560.938: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
16422560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
16432560.938: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
16442560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
16452560.938: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
16462560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rescheduled]
16472560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
16482560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll' [rescheduled]
16492560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
16502560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
16512560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
16522560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
16532560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
16542560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
16552560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
16562560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
16572560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\devobj.dll'.
16582560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rescheduled]
16592560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
16602560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
16612560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
16622560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
16632560.938: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
16642560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
16652560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
16662560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
16672560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16682560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16692560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
16702560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
16712560.938: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
16722560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16732560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16742560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16752560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16762560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16772560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16782560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16792560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16802560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16812560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16822560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16832560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16842560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16852560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16862560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
16872560.938: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
16882560.938: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
16892560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16902560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16912560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16922560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16932560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16942560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16952560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16962560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16972560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16982560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16992560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920620000 'C:\WINDOWS\system32\imm32.dll'
17002560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e3f70000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
17012560.938: SUPR3HardenedMain: Calling TrustedMain (00007ff8e3f710d0)...
17022560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17032560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17042560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
17052560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000060c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17062560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
17072560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
17082560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3717D376EF95470D8C03AD02F97C4DCBCE269CF8
17092560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
17102560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
17112560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_570_for_KB3105210~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
17122560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17132560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17142560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
17152560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
17162560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
17172560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17182560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17192560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17202560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17212560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17222560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
17232560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17242560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17252560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17262560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17272560.938: supR3HardenedDllNotificationCallback: load 00007ff91e180000 LB 0x00096000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
17282560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17292560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91e180000 'C:\WINDOWS\system32\uxtheme.dll'
17302560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17312560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
17322560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
17332560.938: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
17342560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17352560.938: supR3HardenedDllNotificationCallback: load 00007ff91d760000 LB 0x00022000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
17362560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
17372560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17382560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
17392560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
17402560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71451274041047D99462EA805D3FAD1A9E10F86D
17412560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17422560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17432560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17442560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17452560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17462560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17472560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
17482560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
17492560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_180_for_KB3124266~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17502560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17512560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17522560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17532560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17542560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920c20000 'C:\WINDOWS\system32\shell32.dll'
17552560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
17562560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17572560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922a00000 'C:\WINDOWS\system32\kernel32.dll'
17582560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17592560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17602560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91e180000 'C:\WINDOWS\system32\uxtheme.dll'
17612560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17622560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17632560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91e180000 'C:\WINDOWS\system32\uxtheme.dll'
17642560.938: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
17652560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17662560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
17672560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\user32.dll'
17682560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17692560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17702560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91e180000 'C:\WINDOWS\system32\uxtheme.dll'
17712560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\user32.dll'
17722560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17732560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17742560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922b10000 'C:\WINDOWS\system32\advapi32.dll'
17752560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
17762560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
17772560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17782560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
17792560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
17802560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
17812560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
17822560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
17832560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
17842560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
17852560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17862560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17872560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17882560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17892560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17902560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
17912560.938: supR3HardenedDllNotificationCallback: load 00007ff91ef30000 LB 0x0001f000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
17922560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
17932560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ef30000 'C:\WINDOWS\system32\userenv.dll'
17942560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
17952560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17962560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922a00000 'C:\WINDOWS\system32\kernel32.dll'
17972560.938: supR3HardenedDllNotificationCallback: load 00007ff922d10000 LB 0x000a5000 C:\WINDOWS\system32\clbcatq.dll [fFlags=0x0]
17982560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17992560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
18002560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
18012560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
18022560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18032560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18042560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18052560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18062560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
18072560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
18082560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
18092560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
18102560.33e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
18112560.33e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18122560.33e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
18132560.33e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18142560.33e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
18152560.33e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
18162560.33e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
18172560.33e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
18182560.33e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
18192560.33e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
18202560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18212560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18222560.33e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18232560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18242560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18252560.33e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18262560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18272560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18282560.33e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
18292560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18302560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18312560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18322560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18332560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18342560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18352560.33e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
18362560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18372560.33e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18382560.33e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18392560.33e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18402560.33e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
18412560.33e0: supR3HardenedDllNotificationCallback: load 00007ff8e3990000 LB 0x005d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
18422560.33e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
18432560.33e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e3990000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
18442560.33e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18452560.33e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18462560.33e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922650000 'C:\Windows\System32\oleaut32.dll'
18472560.33e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)
18482560.33e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
18492560.33e0: supR3HardenedDllNotificationCallback: load 00007ff91f7e0000 LB 0x00098000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
18502560.33e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
18512560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
18522560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
18532560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sxs.dll'
18542560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18552560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18562560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922650000 'C:\WINDOWS\system32\OLEAUT32.dll'
18572560.938: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
18582560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18592560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
18602560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
18612560.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
18622560.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
18632560.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
18642560.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18652560.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
18662560.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
18672560.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
18682560.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18692560.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18702560.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18712560.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18722560.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18732560.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
18742560.31fc: supR3HardenedDllNotificationCallback: load 00007ff906350000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
18752560.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
18762560.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff906350000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
18772560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\user32.dll'
18782560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18792560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18802560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920c20000 'C:\WINDOWS\system32\shell32.dll'
18812560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922b10000 'C:\WINDOWS\system32\ADVAPI32.DLL'
18822560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxoglhostcrutil.dll'.
18832560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
18842560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
18852560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtcorevbox4.dll'.
18862560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtguivbox4.dll'.
18872560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtopenglvbox4.dll'.
18882560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'opengl32.dll'.
18892560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe)
18902560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
18912560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18922560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18932560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18942560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
18952560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
18962560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
18972560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
18982560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
18992560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [lacks WinVerifyTrust]
19002560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
19012560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
19022560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
19032560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19042560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19052560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19062560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19072560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
19082560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
19092560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'.
19102560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19112560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
19122560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
19132560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
19142560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)
19152560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
19162560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19172560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19182560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
19192560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
19202560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
19212560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
19222560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19232560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19242560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19252560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19262560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
19272560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe'
19282560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
19292560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'
19302560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b90 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
19312560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
19322560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
19332560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=54A8D49732D327F780234E47407FD91AB77B632A
19342560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
19352560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
19362560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
19372560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19382560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
19392560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
19402560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
19412560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
19422560.938: supR3HardenedDllNotificationCallback: load 00007ff91e070000 LB 0x00078000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
19432560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
19442560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91e070000 'C:\WINDOWS\system32\apphelp.dll'
19452560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bbc pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19462560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
19472560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
19482560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=030BB80F5AC7982FF01AB351589D64E6D4167B3E
19492560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
19502560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
19512560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
19522560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19532560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19542560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
19552560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
19562560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd2d1.dll'.
19572560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
19582560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
19592560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
19602560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19612560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
19622560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
19632560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
19642560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
19652560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19662560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
19672560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
19682560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
19692560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
19702560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19712560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19722560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
19732560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
19742560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19752560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
19762560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
19772560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19782560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd2d1.dll'...
19792560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'd2d1.dll' -> '\Device\HarddiskVolume2\Windows\System32\d2d1.dll' [rcNtRedir=0xc0150008]
19802560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b48 pwszName=\Device\HarddiskVolume2\Windows\System32\d2d1.dll
19812560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
19822560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
19832560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA1A7323788F698339FF353F1BA100EF7C556D74
19842560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
19852560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19862560.938: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
19872560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19882560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
19892560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
19902560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
19912560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19922560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19932560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
19942560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19952560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19962560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19972560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19982560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
19992560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
20002560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Graphics-DirectX-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\d2d1.dll'
20012560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20022560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20032560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d2d1.dll) WinVerifyTrust
20042560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d2d1.dll
20052560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20062560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20072560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
20082560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20092560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20102560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
20112560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
20122560.938: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
20132560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
20142560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
20152560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
20162560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
20172560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20182560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
20192560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
20202560.938: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
20212560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20222560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20232560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20242560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
20252560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d2d1.dll
20262560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
20272560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
20282560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
20292560.938: supR3HardenedDllNotificationCallback: load 00007ff9181e0000 LB 0x00545000 C:\WINDOWS\system32\d2d1.dll [fFlags=0x0]
20302560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d2d1.dll
20312560.938: supR3HardenedDllNotificationCallback: load 00007ff91d410000 LB 0x0009c000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
20322560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
20332560.938: supR3HardenedDllNotificationCallback: load 00007ff91d4b0000 LB 0x002a3000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
20342560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
20352560.938: supR3HardenedDllNotificationCallback: load 00007ff91d9a0000 LB 0x000d1000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
20362560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
20372560.938: supR3HardenedDllNotificationCallback: load 00007ff909840000 LB 0x00046000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
20382560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
20392560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909840000 'C:\WINDOWS\system32\dataexchange.dll'
20402560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
20412560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
20422560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
20432560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20442560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'userenv.dll'.
20452560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcrypt.dll'.
20462560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
20472560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
20482560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
20492560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
20502560.938: supR3HardenedDllNotificationCallback: load 00007ff91e2e0000 LB 0x000ee000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
20512560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
20522560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20532560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20542560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
20552560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20562560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20572560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
20582560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
20592560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
20602560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
20612560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
20622560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
20632560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
20642560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20652560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20662560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
20672560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
20682560.938: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
20692560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20702560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20712560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922dc0000 'C:\WINDOWS\system32\ole32.dll'
20722560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20732560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20742560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922650000 'C:\WINDOWS\system32\OLEAUT32.dll'
20752560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c70 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20762560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
20772560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
20782560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA7BAB6C49E4A06208A6E0EE146D0A4385100231
20792560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
20802560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
20812560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
20822560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20832560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20842560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
20852560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20862560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
20872560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20882560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20892560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
20902560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c84 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20912560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
20922560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
20932560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8589CB867869E61D2D0DD902D9F24828D41B3FB4
20942560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
20952560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
20962560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
20972560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20982560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20992560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
21002560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
21012560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
21022560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21032560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21042560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21052560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21062560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21072560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21082560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21092560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21102560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21112560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
21122560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
21132560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
21142560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21152560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21162560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21172560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21182560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21192560.938: supR3HardenedDllNotificationCallback: load 00007ff9179d0000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
21202560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21212560.938: supR3HardenedDllNotificationCallback: load 00007ff915950000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
21222560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21232560.938: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21242560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fd00000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
21252560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff915950000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
21262560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c38 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21272560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
21282560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
21292560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F55A40FEDA5AB0854F7A2A7AE88B827B3F76303B
21302560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
21312560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
21322560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
21332560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21342560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21352560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
21362560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
21372560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21382560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21392560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21402560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21412560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21422560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21432560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21442560.938: supR3HardenedDllNotificationCallback: load 00007ff9154a0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
21452560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21462560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9154a0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
21472560.938: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21482560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fd00000 'api-ms-win-core-localization-l1-2-0.dll'
21492560.938: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21502560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fd00000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
21512560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c78 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21522560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
21532560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
21542560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E360AD530F1A62ACF9003C6FE3BA6BBD7638D488
21552560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
21562560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
21572560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
21582560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21592560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21602560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
21612560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
21622560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21632560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21642560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21652560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21662560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21672560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21682560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21692560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21702560.938: supR3HardenedDllNotificationCallback: load 00007ff9154c0000 LB 0x000f8000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
21712560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21722560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9154c0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
21732560.938: supR3HardenedMonitor_LdrLoadDll: 'C:\WINDOWS\system32\comctl32.dll' -> 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [redir]
21742560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [redoing WinVerifyTrust]
21752560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
21762560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
21772560.938: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
21782560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll (Input=C:\WINDOWS\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21792560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ce30000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
21802560.1a74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
21812560.1a74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21822560.1a74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
21832560.1a74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21842560.1a74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
21852560.1a74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21862560.1a74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21872560.1a74: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21882560.1a74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
21892560.1a74: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
21902560.1a74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
21912560.1a74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
21922560.1a74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21932560.1a74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
21942560.1a74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
21952560.1a74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21962560.1a74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21972560.1a74: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21982560.1a74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21992560.1a74: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22002560.1a74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22012560.1a74: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22022560.1a74: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22032560.1a74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22042560.1a74: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22052560.1a74: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22062560.1a74: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22072560.1a74: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22082560.1a74: supR3HardenedDllNotificationCallback: load 0000000059770000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
22092560.1a74: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22102560.1a74: supR3HardenedDllNotificationCallback: load 00007ff8f8930000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
22112560.1a74: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22122560.1a74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8930000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
22132560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
22142560.338: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d88 pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
22152560.338: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
22162560.338: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
22172560.338: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=695CB5D234E33829E3320DD8DE835DE7D1459933
22182560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
22192560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
22202560.338: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_536_for_KB3105210~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
22212560.338: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22222560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22232560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
22242560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'ws2_32.dll'.
22252560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'netsetupapi.dll'.
22262560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'setupapi.dll'.
22272560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
22282560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
22292560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
22302560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
22312560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
22322560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
22332560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
22342560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
22352560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
22362560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
22372560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
22382560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
22392560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
22402560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22412560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22422560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22432560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22442560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
22452560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
22462560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
22472560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
22482560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
22492560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22502560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
22512560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
22522560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
22532560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22542560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22552560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22562560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22572560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22582560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22592560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22602560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22612560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22622560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22632560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22642560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22652560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
22662560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
22672560.338: supR3HardenedDllNotificationCallback: load 00007ff918820000 LB 0x0001d000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
22682560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
22692560.338: supR3HardenedDllNotificationCallback: load 00007ff922150000 LB 0x001c5000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
22702560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
22712560.338: supR3HardenedDllNotificationCallback: load 00007ff918b30000 LB 0x00063000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
22722560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
22732560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918b30000 'C:\Windows\System32\NetSetupShim.dll'
22742560.2f2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
22752560.2f2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22762560.2f2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22772560.2f2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22782560.2f2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22792560.2f2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
22802560.2f2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22812560.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22822560.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22832560.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22842560.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22852560.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22862560.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22872560.2f2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22882560.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22892560.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22902560.2f2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22912560.2f2c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22922560.2f2c: supR3HardenedDllNotificationCallback: load 00007ff919e10000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
22932560.2f2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22942560.2f2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919e10000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
22952560.2054: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
22962560.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22972560.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22982560.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22992560.2054: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
23002560.2054: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23012560.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23022560.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23032560.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23042560.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23052560.2054: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
23062560.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23072560.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23082560.2054: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23092560.2054: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23102560.2054: supR3HardenedDllNotificationCallback: load 00007ff90cd20000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
23112560.2054: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23122560.2054: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90cd20000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
23132560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
23142560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
23152560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23162560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
23172560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23182560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
23192560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
23202560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
23212560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
23222560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
23232560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
23242560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
23252560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23262560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23272560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23282560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23292560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23302560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23312560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23322560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23332560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
23342560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
23352560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
23362560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23372560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
23382560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23392560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23402560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
23412560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
23422560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
23432560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
23442560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23452560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23462560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23472560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23482560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23492560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
23502560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
23512560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
23522560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23532560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23542560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23552560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23562560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23572560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23582560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23592560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23602560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23612560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23622560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
23632560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
23642560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
23652560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23662560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23672560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
23682560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23692560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
23702560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
23712560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
23722560.2538: supR3HardenedDllNotificationCallback: load 00007ff904a50000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
23732560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
23742560.2538: supR3HardenedDllNotificationCallback: load 00007ff906380000 LB 0x00028000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
23752560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
23762560.2538: supR3HardenedDllNotificationCallback: load 00007ff8fa6d0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
23772560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
23782560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa6d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
23792560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
23802560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23812560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff906380000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
23822560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
23832560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23842560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
23852560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
23862560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
23872560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
23882560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
23892560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
23902560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23912560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23922560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23932560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
23942560.2538: supR3HardenedDllNotificationCallback: load 00007ff90a080000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
23952560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
23962560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a080000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
23972560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
23982560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23992560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9022c0000 'C:\WINDOWS\system32/opengl32.dll'
24002560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24012560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24022560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9022c0000 'C:\WINDOWS\system32\OPENGL32.dll'
24032560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
24042560.2538: \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll: Owner is administrators group.
24052560.2538: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eb8 pwszName=\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
24062560.2538: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
24072560.2538: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
24082560.2538: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8DB2A0B6FE51C689D16F0616B99C7AD1FBD60F82
24092560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
24102560.2538: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x800b0109; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT'; file='\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll'
24112560.2538: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
24122560.2538: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
24132560.2538: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8DB2A0B6FE51C689D16F0616B99C7AD1FBD60F82
24142560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
24152560.2538: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT'; file='\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll'
24162560.2538: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24172560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
24182560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
24192560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
24202560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll) WinVerifyTrust
24212560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
24222560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24232560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24242560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24252560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24262560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24272560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24282560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atig6pxx.dll (Input=atig6pxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24292560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
24302560.2538: supR3HardenedDllNotificationCallback: load 00007ff9079c0000 LB 0x00018000 C:\WINDOWS\system32\atig6pxx.dll [fFlags=0x0]
24312560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
24322560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9079c0000 'C:\WINDOWS\system32\atig6pxx.dll'
24332560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
24342560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
24352560.2538: \Device\HarddiskVolume2\Windows\System32\atio6axx.dll: Owner is administrators group.
24362560.2538: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ef4 pwszName=\Device\HarddiskVolume2\Windows\System32\atio6axx.dll
24372560.2538: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
24382560.2538: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
24392560.2538: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A9F8AA2327A21DB9C33798CB877F0E848214934
24402560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
24412560.2538: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x800b0109; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT'; file='\Device\HarddiskVolume2\Windows\System32\atio6axx.dll'
24422560.2538: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
24432560.2538: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
24442560.2538: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A9F8AA2327A21DB9C33798CB877F0E848214934
24452560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
24462560.2538: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT'; file='\Device\HarddiskVolume2\Windows\System32\atio6axx.dll'
24472560.2538: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24482560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
24492560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
24502560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
24512560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
24522560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
24532560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atio6axx.dll) WinVerifyTrust
24542560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
24552560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24562560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24572560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24582560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24592560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24602560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
24612560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
24622560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
24632560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
24642560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24652560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
24662560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
24672560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24682560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24692560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24702560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24712560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24722560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24732560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atio6axx.dll (Input=atio6axx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24742560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
24752560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
24762560.2538: supR3HardenedDllNotificationCallback: load 00007ff91d110000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
24772560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
24782560.2538: supR3HardenedDllNotificationCallback: load 0000000056090000 LB 0x01e98000 C:\WINDOWS\system32\atio6axx.dll [fFlags=0x0]
24792560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
24802560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
24812560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24822560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
24832560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
24842560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24852560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
24862560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000056090000 'C:\WINDOWS\system32\atio6axx.dll'
24872560.2538: \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll: Owner is administrators group.
24882560.2538: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f0c pwszName=\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
24892560.2538: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
24902560.2538: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
24912560.2538: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA073A15BF5C674E168BBAD7F8D8DCE2E64CBE88
24922560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
24932560.2538: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x800b0109; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT'; file='\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll'
24942560.2538: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
24952560.2538: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
24962560.2538: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA073A15BF5C674E168BBAD7F8D8DCE2E64CBE88
24972560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
24982560.2538: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT'; file='\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll'
24992560.2538: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25002560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
25012560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
25022560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
25032560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
25042560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'propsys.dll'.
25052560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
25062560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'.
25072560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'wtsapi32.dll'.
25082560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'setupapi.dll'.
25092560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'psapi.dll'.
25102560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'.
25112560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'iphlpapi.dll'.
25122560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll) WinVerifyTrust
25132560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
25142560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
25152560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
25162560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
25172560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
25182560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
25192560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
25202560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
25212560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25222560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25232560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25242560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25252560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
25262560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
25272560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
25282560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
25292560.2538: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'.
25302560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25312560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
25322560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
25332560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
25342560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25352560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25362560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
25372560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25382560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25392560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
25402560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25412560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25422560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
25432560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
25442560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
25452560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
25462560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25472560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25482560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25492560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
25502560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
25512560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
25522560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
25532560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25542560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
25552560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25562560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust
25572560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
25582560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
25592560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
25602560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
25612560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25622560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25632560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
25642560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
25652560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25662560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25672560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
25682560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
25692560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25702560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
25712560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
25722560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
25732560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
25742560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25752560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25762560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
25772560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
25782560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
25792560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
25802560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25812560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25822560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25832560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25842560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25852560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25862560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25872560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25882560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25892560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25902560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atiadlxx.dll (Input=atiadlxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25912560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
25922560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
25932560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
25942560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25952560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
25962560.2538: supR3HardenedDllNotificationCallback: load 00007ff91d7b0000 LB 0x00183000 C:\WINDOWS\SYSTEM32\PROPSYS.dll [fFlags=0x0]
25972560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
25982560.2538: supR3HardenedDllNotificationCallback: load 00007ff91da80000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
25992560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
26002560.2538: supR3HardenedDllNotificationCallback: load 00007ff920c10000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0]
26012560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
26022560.2538: supR3HardenedDllNotificationCallback: load 00007ff91c080000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
26032560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
26042560.2538: supR3HardenedDllNotificationCallback: load 00007ff91c090000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
26052560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26062560.2538: supR3HardenedDllNotificationCallback: load 00007ff90cee0000 LB 0x00148000 C:\WINDOWS\system32\atiadlxx.dll [fFlags=0x0]
26072560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
26082560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90cee0000 'C:\WINDOWS\system32\atiadlxx.dll'
26092560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
26102560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
26112560.2538: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
26122560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26132560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26142560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26152560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26162560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26172560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26182560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
26192560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26202560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26212560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26222560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26232560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26242560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26252560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26262560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
26272560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USER32.DLL (Input=USER32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26282560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26292560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26302560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26312560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26322560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26332560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26342560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26352560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26362560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26372560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26382560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26392560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26402560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26412560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26422560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26432560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26442560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26452560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26462560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26472560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26482560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26492560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26502560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26512560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26522560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26532560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26542560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26552560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26562560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26572560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26582560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26592560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26602560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
26612560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USER32.DLL (Input=USER32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26622560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26632560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26642560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26652560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26662560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26672560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26682560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26692560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26702560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26712560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26722560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26732560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26742560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26752560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26762560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26772560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26782560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26792560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26802560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26812560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26822560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26832560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26842560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26852560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26862560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
26872560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26882560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26892560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26902560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26912560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26922560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26932560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26942560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26952560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26962560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
26972560.2538: \Device\HarddiskVolume2\Windows\System32\atig6txx.dll: Owner is administrators group.
26982560.2538: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff8 pwszName=\Device\HarddiskVolume2\Windows\System32\atig6txx.dll
26992560.2538: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
27002560.2538: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
27012560.2538: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=08AD697C3BE5394DB0C8D401C29218B4381200EA
27022560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
27032560.2538: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x800b0109; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT'; file='\Device\HarddiskVolume2\Windows\System32\atig6txx.dll'
27042560.2538: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
27052560.2538: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
27062560.2538: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=08AD697C3BE5394DB0C8D401C29218B4381200EA
27072560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
27082560.2538: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT'; file='\Device\HarddiskVolume2\Windows\System32\atig6txx.dll'
27092560.2538: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27102560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
27112560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
27122560.2538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
27132560.2538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atig6txx.dll) WinVerifyTrust
27142560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
27152560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
27162560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
27172560.2538: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
27182560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27192560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27202560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27212560.2538: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27222560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atig6txx.dll (Input=atig6txx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27232560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
27242560.2538: supR3HardenedDllNotificationCallback: load 00007ff904d30000 LB 0x0002c000 C:\WINDOWS\system32\atig6txx.dll [fFlags=0x0]
27252560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
27262560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d30000 'C:\WINDOWS\system32\atig6txx.dll'
27272560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27282560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27292560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27302560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
27312560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27322560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27332560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
27342560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27352560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27362560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27372560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27382560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27392560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27402560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27412560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27422560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
27432560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27442560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27452560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27462560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27472560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27482560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27492560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27502560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27512560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27522560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27532560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
27542560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27552560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27562560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27572560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27582560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27592560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27602560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27612560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27622560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27632560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27642560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27652560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27662560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27672560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27682560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27692560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27702560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27712560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27722560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27732560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27742560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27752560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27762560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27772560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27782560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27792560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27802560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27812560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27822560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27832560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27842560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27852560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27862560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27872560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27882560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27892560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27902560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
27912560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USER32.DLL (Input=USER32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27922560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27932560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27942560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27952560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27962560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27972560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27982560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
27992560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28002560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28012560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28022560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28032560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28042560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28052560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28062560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28072560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28082560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28092560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28102560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28112560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28122560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28132560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28142560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
28152560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28162560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28172560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28182560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28192560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28202560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28212560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28222560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28232560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28242560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28252560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28262560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
28272560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28282560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
28292560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28302560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28312560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28322560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28332560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28342560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28352560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28362560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28372560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28382560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28392560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28402560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28412560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28422560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28432560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28442560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28452560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28462560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28472560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28482560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28492560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28502560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28512560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
28522560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28532560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
28542560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
28552560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28562560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
28572560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
28582560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
28592560.2538: supR3HardenedDllNotificationCallback: Unload 00007ff904d30000 LB 0x0002c000 C:\WINDOWS\system32\atig6txx.dll [flags=0x0]
28602560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
28612560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atig6txx.dll (Input=atig6txx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28622560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
28632560.2538: supR3HardenedDllNotificationCallback: load 00007ff904d30000 LB 0x0002c000 C:\WINDOWS\system32\atig6txx.dll [fFlags=0x0]
28642560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
28652560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d30000 'C:\WINDOWS\system32\atig6txx.dll'
28662560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28672560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
28682560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
28692560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Kernel32.dll (Input=Kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28702560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922a00000 'C:\WINDOWS\system32\Kernel32.dll'
28712560.2538: supHardenedWinVerifyImageByHandle: -> -608 (\Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys)
28722560.2538: Error (rc=0):
28732560.2538: supR3HardenedScreenImage/NtCreateSection: rc=Unknown Status -608 (0xfffffda0) fImage=1 fProtect=0x5 fAccess=0x2 \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys:
28742560.2538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys
28752560.2538: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -608 (0xfffffda0)) on \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys [lacks WinVerifyTrust]
28762560.2538: Error (rc=0):
28772560.2538: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -608 (0xfffffda0) fImage=1 fProtect=0x2 fAccess=0x5 cHits=1 \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys
28782560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
28792560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
28802560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28812560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28822560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28832560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28842560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28852560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920ac0000 'C:\WINDOWS\system32\USER32.DLL'
28862560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28872560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9206b0000 'C:\WINDOWS\system32\gdi32.dll'
28882560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
28892560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
28902560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.DLL (Input=OPENGL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28912560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9022c0000 'C:\WINDOWS\system32\OPENGL32.DLL'
28922560.2538: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\perf.dll': 0 (NtPath=\??\C:\WINDOWS\system32\perf.dll; Input=perf.dll; rcNtGetDll=0xc0000135
28932560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\perf.dll (Input=perf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28942560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\perf.dll'
28952560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
28962560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9022c0000 'C:\WINDOWS\system32\OPENGL32.dll'
28972560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9022c0000 'C:\WINDOWS\system32\OPENGL32.dll'
28982560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9022c0000 'C:\WINDOWS\system32\OPENGL32.dll'
28992560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9022c0000 'C:\WINDOWS\system32\OPENGL32.dll'
29002560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9022c0000 'C:\WINDOWS\system32\OPENGL32.dll'
29012560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9022c0000 'C:\WINDOWS\system32\OPENGL32.dll'
29022560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9022c0000 'C:\WINDOWS\system32\OPENGL32.dll'
29032560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
29042560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29052560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9022c0000 'C:\WINDOWS\system32\OPENGL32.dll'
29062560.2538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
29072560.2538: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29082560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
29092560.2538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91d760000 'C:\WINDOWS\system32\dwmapi.dll'
29102560.1a94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
29112560.1a94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29122560.1a94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29132560.1a94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29142560.1a94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
29152560.1a94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29162560.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29172560.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29182560.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29192560.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29202560.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29212560.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29222560.1a94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29232560.1a94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29242560.1a94: supR3HardenedDllNotificationCallback: load 00007ff90c290000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
29252560.1a94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29262560.1a94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c290000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
29272560.327c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
29282560.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29292560.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29302560.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29312560.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
29322560.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29332560.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29342560.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29352560.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29362560.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29372560.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29382560.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29392560.327c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29402560.327c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29412560.327c: supR3HardenedDllNotificationCallback: load 00007ff907990000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
29422560.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29432560.327c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff907990000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
29442560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
29452560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29462560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920c20000 'C:\WINDOWS\system32/Shell32.dll'
29472560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29482560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29492560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8930000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
29502560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
29512560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29522560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29532560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
29542560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
29552560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
29562560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
29572560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29582560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29592560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29602560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29612560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29622560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29632560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29642560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29652560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29662560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29672560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29682560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29692560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29702560.338: supR3HardenedDllNotificationCallback: load 00007ff9047c0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
29712560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29722560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9047c0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
29732560.338: supR3HardenedDllNotificationCallback: Unload 00007ff9047c0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
29742560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
29752560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
29762560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29772560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
29782560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29792560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
29802560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
29812560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
29822560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
29832560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
29842560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
29852560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
29862560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
29872560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
29882560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
29892560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
29902560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
29912560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29922560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29932560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29942560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29952560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29962560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29972560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
29982560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29992560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30002560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
30012560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
30022560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
30032560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30042560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
30052560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30062560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
30072560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30082560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
30092560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
30102560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30112560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30122560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30132560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30142560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30152560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30162560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30172560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
30182560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30192560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30202560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
30212560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
30222560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
30232560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
30242560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
30252560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30262560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30272560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30282560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30292560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30302560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30312560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30322560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30332560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30342560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30352560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
30362560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
30372560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
30382560.338: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000029c4 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
30392560.338: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
30402560.338: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
30412560.338: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=793D99A2656EF7BC8AE3D3DA54E1A198969B9F96
30422560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
30432560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
30442560.338: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
30452560.338: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30462560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30472560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
30482560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
30492560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'uxtheme.dll'.
30502560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'cfgmgr32.dll'.
30512560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'setupapi.dll'.
30522560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
30532560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
30542560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
30552560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
30562560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
30572560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30582560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30592560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30602560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30612560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30622560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30632560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
30642560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
30652560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
30662560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
30672560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
30682560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
30692560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
30702560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
30712560.338: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
30722560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
30732560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
30742560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
30752560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
30762560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
30772560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30782560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30792560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30802560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30812560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30822560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
30832560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30842560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30852560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
30862560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30872560.338: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
30882560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
30892560.338: supR3HardenedDllNotificationCallback: load 00007ff91a340000 LB 0x00013000 C:\WINDOWS\SYSTEM32\devrtl.DLL [fFlags=0x0]
30902560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
30912560.338: supR3HardenedDllNotificationCallback: load 00007ff902b90000 LB 0x00058000 C:\WINDOWS\SYSTEM32\newdev.dll [fFlags=0x0]
30922560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
30932560.338: supR3HardenedDllNotificationCallback: load 00007ff9015c0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
30942560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30952560.338: supR3HardenedDllNotificationCallback: load 00007ff9047c0000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
30962560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30972560.338: supR3HardenedDllNotificationCallback: load 00007ff8e30a0000 LB 0x008e7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
30982560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
30992560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e30a0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
31002560.338: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000029b0 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
31012560.338: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
31022560.338: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
31032560.338: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4E1A7D70D0B4F04066620172BA9B8A3CADF2EF6
31042560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31052560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31062560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31072560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
31082560.338: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
31092560.338: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31102560.338: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
31112560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31122560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31132560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31142560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31152560.338: supR3HardenedDllNotificationCallback: load 00007ff9046e0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
31162560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31172560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9046e0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
31182560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31192560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
31202560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31212560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e3990000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
31222560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31232560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31242560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31252560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9047c0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
31262560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31272560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31282560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31292560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31302560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
31312560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31322560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31332560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31342560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31352560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31362560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31372560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31382560.338: supR3HardenedDllNotificationCallback: load 00007ff907660000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
31392560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31402560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff907660000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
31412560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31422560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31432560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31442560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31452560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
31462560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31472560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31482560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31492560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31502560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31512560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31522560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31532560.338: supR3HardenedDllNotificationCallback: load 00007ff907620000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
31542560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31552560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff907620000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
31562560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31572560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31582560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31592560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31602560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
31612560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
31622560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31632560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31642560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31652560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31662560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31672560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
31682560.338: supR3HardenedDllNotificationCallback: load 00007ff904f20000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
31692560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
31702560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904f20000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
31712560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31722560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31732560.cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31742560.cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31752560.cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
31762560.cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31772560.cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
31782560.cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31792560.cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31802560.cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31812560.cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31822560.cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31832560.cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31842560.cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31852560.cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31862560.cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31872560.cc: supR3HardenedDllNotificationCallback: load 00007ff907980000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
31882560.cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31892560.cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff907980000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
31902560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31912560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
31922560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31932560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31942560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
31952560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
31962560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
31972560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
31982560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
31992560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32002560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32012560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
32022560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
32032560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32042560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32052560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32062560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32072560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32082560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32092560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32102560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32112560.338: supR3HardenedDllNotificationCallback: load 00007ff9014f0000 LB 0x000c4000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
32122560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32132560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9014f0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
32142560.338: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000287c pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
32152560.338: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
32162560.338: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
32172560.338: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7FF2119E435E404AD007FD65DA8D286C1635ACA6
32182560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
32192560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
32202560.338: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
32212560.338: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32222560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32232560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'.
32242560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
32252560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'.
32262560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
32272560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
32282560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
32292560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
32302560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
32312560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32322560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32332560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32342560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32352560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32362560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32372560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32382560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
32392560.338: supR3HardenedDllNotificationCallback: load 00007ff916710000 LB 0x0009c000 C:\WINDOWS\system32\dsound.dll [fFlags=0x0]
32402560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
32412560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
32422560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32432560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916710000 'C:\WINDOWS\system32\dsound.dll'
32442560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916710000 'C:\WINDOWS\system32/dsound.dll'
32452560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
32462560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
32472560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32482560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
32492560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
32502560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
32512560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
32522560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32532560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
32542560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
32552560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
32562560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
32572560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
32582560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [redoing WinVerifyTrust]
32592560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
32602560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
32612560.338: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
32622560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32632560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32642560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32652560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32662560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
32672560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32682560.338: supR3HardenedDllNotificationCallback: load 00007ff91a6a0000 LB 0x00072000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
32692560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32702560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91a6a0000 'C:\WINDOWS\System32\MMDevApi.dll'
32712560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32722560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32732560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91a6a0000 'C:\WINDOWS\system32\MMDEVAPI.DLL'
32742560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
32752560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32762560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
32772560.338: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000002b2c pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32782560.338: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
32792560.338: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
32802560.338: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83143779FC4D27950BF3BCBCD430201AA21D5678
32812560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
32822560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
32832560.338: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
32842560.338: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32852560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32862560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
32872560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
32882560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'.
32892560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'.
32902560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'.
32912560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
32922560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32932560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32942560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32952560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32962560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
32972560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
32982560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
32992560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
33002560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
33012560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
33022560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33032560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33042560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33052560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33062560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
33072560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
33082560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
33092560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
33102560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33112560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
33122560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
33132560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33142560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33152560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33162560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33172560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33182560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33192560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
33202560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
33212560.338: supR3HardenedDllNotificationCallback: load 00007ff91a180000 LB 0x00008000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
33222560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
33232560.338: supR3HardenedDllNotificationCallback: load 00007ff91a170000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
33242560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
33252560.338: supR3HardenedDllNotificationCallback: load 00007ff9160b0000 LB 0x00041000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0]
33262560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33272560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33282560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33292560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33302560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33312560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33322560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33332560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33342560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33352560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33362560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33372560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33382560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33392560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33402560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
33412560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
33422560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33432560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
33442560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
33452560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'.
33462560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
33472560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
33482560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
33492560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
33502560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
33512560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
33522560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
33532560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33542560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33552560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33562560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33572560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33582560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
33592560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33602560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'.
33612560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
33622560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
33632560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
33642560.338: supR3HardenedDllNotificationCallback: load 00007ff91a810000 LB 0x00131000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
33652560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
33662560.338: supR3HardenedDllNotificationCallback: load 00007ff919e50000 LB 0x00085000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0]
33672560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
33682560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919e50000 'C:\WINDOWS\system32\AUDIOSES.DLL'
33692560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
33702560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33712560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33722560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
33732560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
33742560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
33752560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33762560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33772560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33782560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
33792560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
33802560.338: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
33812560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33822560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33832560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33842560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33852560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33862560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33872560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33882560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33892560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33902560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33912560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33922560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33932560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33942560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33952560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33962560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33972560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33982560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
33992560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
34002560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
34012560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160b0000 'C:\WINDOWS\system32\wdmaud.drv'
34022560.338: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
34032560.338: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
34042560.338: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
34052560.338: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EAA362874D7E19DE11B8B4782838AD2981FC207
34062560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
34072560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
34082560.338: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
34092560.338: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34102560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34112560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
34122560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
34132560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
34142560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
34152560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
34162560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34172560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
34182560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
34192560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34202560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34212560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
34222560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
34232560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
34242560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
34252560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34262560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
34272560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
34282560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
34292560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
34302560.338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
34312560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34322560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34332560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34342560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34352560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34362560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34372560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
34382560.338: supR3HardenedDllNotificationCallback: load 00007ff9196a0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
34392560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
34402560.338: supR3HardenedDllNotificationCallback: load 00007ff9196c0000 LB 0x0000c000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0]
34412560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34422560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9196c0000 'C:\WINDOWS\system32\msacm32.drv'
34432560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34442560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34452560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9196c0000 'C:\WINDOWS\system32\msacm32.drv'
34462560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34472560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34482560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9196c0000 'C:\WINDOWS\system32\msacm32.drv'
34492560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34502560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34512560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9196c0000 'C:\WINDOWS\system32\msacm32.drv'
34522560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34532560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34542560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9196c0000 'C:\WINDOWS\system32\msacm32.drv'
34552560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34562560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34572560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9196c0000 'C:\WINDOWS\system32\msacm32.drv'
34582560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34592560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34602560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9196c0000 'C:\WINDOWS\system32\msacm32.drv'
34612560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9196c0000 'C:\WINDOWS\system32\msacm32.drv'
34622560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9196c0000 'C:\WINDOWS\system32\msacm32.drv'
34632560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9196c0000 'C:\WINDOWS\system32\msacm32.drv'
34642560.338: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000002bc0 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
34652560.338: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
34662560.338: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
34672560.338: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96AFFE7289EA0FE318F97A9F3C88DF66DCB2B4F6
34682560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
34692560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
34702560.338: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
34712560.338: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34722560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34732560.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
34742560.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
34752560.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
34762560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
34772560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
34782560.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34792560.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34802560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34812560.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34822560.338: supR3HardenedDllNotificationCallback: load 00007ff9160a0000 LB 0x0000a000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0]
34832560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34842560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160a0000 'C:\WINDOWS\system32\midimap.dll'
34852560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34862560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34872560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160a0000 'C:\WINDOWS\system32\midimap.dll'
34882560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34892560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34902560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160a0000 'C:\WINDOWS\system32\midimap.dll'
34912560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34922560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34932560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9160a0000 'C:\WINDOWS\system32\midimap.dll'
34942560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
34952560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
34962560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
34972560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
34982560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
34992560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35002560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35012560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35022560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35032560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35042560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35052560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35062560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35072560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35082560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35092560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35102560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35112560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35122560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
35132560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
35142560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916710000 'C:\WINDOWS\System32\dsound.dll'
35152560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35162560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35172560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35182560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35192560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
35202560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35212560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91de40000 'C:\WINDOWS\system32\winmm.dll'
35222560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8930000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
35232560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
35242560.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
35252560.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35262560.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff922a00000 'C:\WINDOWS\system32/kernel32.dll'
35272560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000002cec pwszName=\Device\HarddiskVolume2\Windows\System32\mscms.dll
35282560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
35292560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
35302560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91fca0000 'C:\Windows\System32\WINTRUST.DLL'
35312560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\CRYPT32.dll'
35322560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9DE0AE5A831B542C653001320C6D23DB821AB045
35332560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
35342560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
35352560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904e10000 'C:\Windows\System32\cryptnet.dll'
35362560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\mscms.dll'
35372560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35382560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35392560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
35402560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mscms.dll) WinVerifyTrust
35412560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mscms.dll
35422560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
35432560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
35442560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
35452560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35462560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35472560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35482560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
35492560.938: supR3HardenedDllNotificationCallback: load 00007ff902ef0000 LB 0x00091000 C:\WINDOWS\system32\mscms.dll [fFlags=0x0]
35502560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
35512560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff902ef0000 'C:\WINDOWS\system32\mscms.dll'
35522560.938: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000002d00 pwszName=\Device\HarddiskVolume2\Windows\System32\icm32.dll
35532560.938: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000125f710
35542560.938: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000125f710
35552560.938: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C64882D9D993EF4CE01F569750C8BC8223059F2
35562560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91ee40000 'C:\WINDOWS\system32\rsaenh.dll'
35572560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91f9c0000 'C:\WINDOWS\system32\crypt32.dll'
35582560.938: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\icm32.dll'
35592560.938: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35602560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35612560.938: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
35622560.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\icm32.dll) WinVerifyTrust
35632560.938: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\icm32.dll
35642560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
35652560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume2\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
35662560.938: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
35672560.938: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35682560.938: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35692560.938: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35702560.938: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
35712560.938: supR3HardenedDllNotificationCallback: load 00007ff9035e0000 LB 0x00042000 C:\WINDOWS\system32\icm32.dll [fFlags=0x0]
35722560.938: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
35732560.938: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9035e0000 'C:\WINDOWS\system32\icm32.dll'
35742560.2de4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
35752560.2de4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35762560.2de4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91a170000 'C:\WINDOWS\system32\avrt.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy