VirtualBox

Ticket #15719: VBoxHardening.log

File VBoxHardening.log, 324.4 KB (added by fernandonajera, 8 years ago)
Line 
12ad8.57c: Log file opened: 5.1.2r108956 g_hStartupLog=000000000000005c g_uNtVerCombined=0xa0295a00
22ad8.57c: \SystemRoot\System32\ntdll.dll:
32ad8.57c: CreationTime: 2016-05-20T16:27:07.723341300Z
42ad8.57c: LastWriteTime: 2016-04-23T05:24:28.464629900Z
52ad8.57c: ChangeTime: 2016-05-20T21:45:29.910684800Z
62ad8.57c: FileAttributes: 0x20
72ad8.57c: Size: 0x1bc248
82ad8.57c: NT Headers: 0xe0
92ad8.57c: Timestamp: 0x571af2eb
102ad8.57c: Machine: 0x8664 - amd64
112ad8.57c: Timestamp: 0x571af2eb
122ad8.57c: Image Version: 10.0
132ad8.57c: SizeOfImage: 0x1c1000 (1839104)
142ad8.57c: Resource Dir: 0x159000 LB 0x66218
152ad8.57c: ProductName: Microsoft® Windows® Operating System
162ad8.57c: ProductVersion: 10.0.10586.306
172ad8.57c: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
182ad8.57c: FileDescription: NT Layer DLL
192ad8.57c: \SystemRoot\System32\kernel32.dll:
202ad8.57c: CreationTime: 2015-10-30T07:17:46.221743200Z
212ad8.57c: LastWriteTime: 2015-10-30T07:17:46.221743200Z
222ad8.57c: ChangeTime: 2016-05-20T16:10:21.498768000Z
232ad8.57c: FileAttributes: 0x20
242ad8.57c: Size: 0xac430
252ad8.57c: NT Headers: 0xf0
262ad8.57c: Timestamp: 0x5632d5aa
272ad8.57c: Machine: 0x8664 - amd64
282ad8.57c: Timestamp: 0x5632d5aa
292ad8.57c: Image Version: 10.0
302ad8.57c: SizeOfImage: 0xad000 (708608)
312ad8.57c: Resource Dir: 0xab000 LB 0x528
322ad8.57c: ProductName: Microsoft® Windows® Operating System
332ad8.57c: ProductVersion: 10.0.10586.0
342ad8.57c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
352ad8.57c: FileDescription: Windows NT BASE API Client DLL
362ad8.57c: \SystemRoot\System32\KernelBase.dll:
372ad8.57c: CreationTime: 2016-07-13T11:39:11.487742000Z
382ad8.57c: LastWriteTime: 2016-07-01T04:49:21.864958900Z
392ad8.57c: ChangeTime: 2016-07-13T22:18:46.496971100Z
402ad8.57c: FileAttributes: 0x20
412ad8.57c: Size: 0x1e7a10
422ad8.57c: NT Headers: 0xf0
432ad8.57c: Timestamp: 0x5775e4c5
442ad8.57c: Machine: 0x8664 - amd64
452ad8.57c: Timestamp: 0x5775e4c5
462ad8.57c: Image Version: 10.0
472ad8.57c: SizeOfImage: 0x1e8000 (1998848)
482ad8.57c: Resource Dir: 0x1d1000 LB 0x548
492ad8.57c: ProductName: Microsoft® Windows® Operating System
502ad8.57c: ProductVersion: 10.0.10586.494
512ad8.57c: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736)
522ad8.57c: FileDescription: Windows NT BASE API Client DLL
532ad8.57c: \SystemRoot\System32\apisetschema.dll:
542ad8.57c: CreationTime: 2015-10-30T07:17:57.502957900Z
552ad8.57c: LastWriteTime: 2015-10-30T07:17:57.502957900Z
562ad8.57c: ChangeTime: 2016-05-21T02:02:11.464408600Z
572ad8.57c: FileAttributes: 0x20
582ad8.57c: Size: 0x16d60
592ad8.57c: NT Headers: 0xc8
602ad8.57c: Timestamp: 0x5632d94c
612ad8.57c: Machine: 0x8664 - amd64
622ad8.57c: Timestamp: 0x5632d94c
632ad8.57c: Image Version: 10.0
642ad8.57c: SizeOfImage: 0x18000 (98304)
652ad8.57c: Resource Dir: 0x17000 LB 0x400
662ad8.57c: ProductName: Microsoft® Windows® Operating System
672ad8.57c: ProductVersion: 10.0.10586.0
682ad8.57c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
692ad8.57c: FileDescription: ApiSet Schema DLL
702ad8.57c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
712ad8.57c: supR3HardenedWinFindAdversaries: 0x0
722ad8.57c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
732ad8.57c: Calling main()
742ad8.57c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
752ad8.57c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
762ad8.57c: SUPR3HardenedMain: Respawn #1
772ad8.57c: System32: \Device\HarddiskVolume2\Windows\System32
782ad8.57c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
792ad8.57c: KnownDllPath: C:\Windows\system32
802ad8.57c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
812ad8.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
822ad8.57c: supR3HardNtEnableThreadCreation:
832ad8.57c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff94bb6d50 pvNtTerminateThread=00007fff94be5b30
842ad8.57c: supR3HardenedWinDoReSpawn(1): New child 1630.2124 [kernel32].
852ad8.57c: supR3HardNtChildGatherData: PebBaseAddress=00000000006ff000 cbPeb=0x388
862ad8.57c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff94b40000 uNtDllChildAddr=00007fff94b40000
872ad8.57c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff94bb6d50
882ad8.57c: supR3HardenedWinSetupChildInit: Start child.
892ad8.57c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
902ad8.57c: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 31 sleeps
912ad8.57c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
922ad8.57c: *0000000000000000-ffffffffffa2ffff 0x0001/0x0000 0x0000000
932ad8.57c: *00000000005d0000-00000000005affff 0x0004/0x0004 0x0020000
942ad8.57c: *00000000005f0000-00000000005ebfff 0x0002/0x0002 0x0040000
952ad8.57c: 00000000005f4000-00000000005e7fff 0x0001/0x0000 0x0000000
962ad8.57c: *0000000000600000-0000000000500fff 0x0000/0x0004 0x0020000
972ad8.57c: 00000000006ff000-00000000006fbfff 0x0004/0x0004 0x0020000
982ad8.57c: 0000000000702000-0000000000603fff 0x0000/0x0004 0x0020000
992ad8.57c: *0000000000800000-00000000007eafff 0x0002/0x0002 0x0040000
1002ad8.57c: 0000000000815000-0000000000809fff 0x0001/0x0000 0x0000000
1012ad8.57c: *0000000000820000-0000000000724fff 0x0000/0x0004 0x0020000
1022ad8.57c: 000000000091b000-0000000000917fff 0x0104/0x0004 0x0020000
1032ad8.57c: 000000000091e000-000000000091bfff 0x0004/0x0004 0x0020000
1042ad8.57c: *0000000000920000-000000000091dfff 0x0004/0x0004 0x0020000
1052ad8.57c: 0000000000922000-ffffffff81263fff 0x0001/0x0000 0x0000000
1062ad8.57c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1072ad8.57c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1082ad8.57c: 000000007fff0000-ffff800a42e0ffff 0x0001/0x0000 0x0000000
1092ad8.57c: *00007ff6bd1d0000-00007ff6bd1acfff 0x0002/0x0002 0x0040000
1102ad8.57c: 00007ff6bd1f3000-00007ff6bd065fff 0x0001/0x0000 0x0000000
1112ad8.57c: *00007ff6bd380000-00007ff6bd380fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1122ad8.57c: 00007ff6bd381000-00007ff6bd3effff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1132ad8.57c: 00007ff6bd3f0000-00007ff6bd3f0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1142ad8.57c: 00007ff6bd3f1000-00007ff6bd434fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1152ad8.57c: 00007ff6bd435000-00007ff6bd435fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1162ad8.57c: 00007ff6bd436000-00007ff6bd436fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1172ad8.57c: 00007ff6bd437000-00007ff6bd43bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1182ad8.57c: 00007ff6bd43c000-00007ff6bd43cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1192ad8.57c: 00007ff6bd43d000-00007ff6bd43dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1202ad8.57c: 00007ff6bd43e000-00007ff6bd441fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1212ad8.57c: 00007ff6bd442000-00007ff6bd489fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1222ad8.57c: 00007ff6bd48a000-00007fede5dd3fff 0x0001/0x0000 0x0000000
1232ad8.57c: *00007fff94b40000-00007fff94b40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1242ad8.57c: 00007fff94b41000-00007fff94c3dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1252ad8.57c: 00007fff94c3e000-00007fff94c7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1262ad8.57c: 00007fff94c7f000-00007fff94c87fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1272ad8.57c: 00007fff94c88000-00007fff94c94fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1282ad8.57c: 00007fff94c95000-00007fff94c95fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1292ad8.57c: 00007fff94c96000-00007fff94c98fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1302ad8.57c: 00007fff94c99000-00007fff94d00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1312ad8.57c: 00007fff94d01000-00007fff29a21fff 0x0001/0x0000 0x0000000
1322ad8.57c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
1332ad8.57c: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
1342ad8.57c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1352ad8.57c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1362ad8.57c: supR3HardNtChildPurify: Done after 298 ms and 0 fixes (loop #0).
1371630.2124: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
1381630.2124: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94b40000 g_uNtVerCombined=0xa0295a00
1391630.2124: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
1401630.2124: New simple heap: #1 0000000000a30000 LB 0x400000 (for 1839104 allocation)
1412ad8.57c: supR3HardNtEnableThreadCreation:
1421630.2124: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1431630.2124: System32: \Device\HarddiskVolume2\Windows\System32
1441630.2124: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
1451630.2124: KnownDllPath: C:\Windows\system32
1461630.2124: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1471630.2124: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1481630.2124: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1491630.2124: Registered Dll notification callback with NTDLL.
1501630.2124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1511630.2124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1521630.2124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
1531630.2124: supR3HardenedDllNotificationCallback: load 00007fff915f0000 LB 0x001e8000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1541630.2124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1551630.2124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1561630.2124: supR3HardenedDllNotificationCallback: load 00007fff93170000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
1571630.2124: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1581630.2124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff93170000 'C:\Windows\system32\KERNEL32.DLL'
1591630.2124: supR3HardenedDllNotificationCallback: load 00007ff6bd380000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1601630.2124: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1611630.2124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1621630.2124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1631630.2124: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff94bb6d50 pvNtTerminateThread=00007fff94be5b30
1642ad8.57c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 90 ms.
1651630.2124: \SystemRoot\System32\ntdll.dll:
1661630.2124: CreationTime: 2016-05-20T16:27:07.723341300Z
1671630.2124: LastWriteTime: 2016-04-23T05:24:28.464629900Z
1681630.2124: ChangeTime: 2016-05-20T21:45:29.910684800Z
1691630.2124: FileAttributes: 0x20
1701630.2124: Size: 0x1bc248
1711630.2124: NT Headers: 0xe0
1721630.2124: Timestamp: 0x571af2eb
1731630.2124: Machine: 0x8664 - amd64
1741630.2124: Timestamp: 0x571af2eb
1751630.2124: Image Version: 10.0
1761630.2124: SizeOfImage: 0x1c1000 (1839104)
1771630.2124: Resource Dir: 0x159000 LB 0x66218
1781630.2124: ProductName: Microsoft® Windows® Operating System
1791630.2124: ProductVersion: 10.0.10586.306
1801630.2124: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
1811630.2124: FileDescription: NT Layer DLL
1821630.2124: \SystemRoot\System32\kernel32.dll:
1831630.2124: CreationTime: 2015-10-30T07:17:46.221743200Z
1841630.2124: LastWriteTime: 2015-10-30T07:17:46.221743200Z
1851630.2124: ChangeTime: 2016-05-20T16:10:21.498768000Z
1861630.2124: FileAttributes: 0x20
1871630.2124: Size: 0xac430
1881630.2124: NT Headers: 0xf0
1891630.2124: Timestamp: 0x5632d5aa
1901630.2124: Machine: 0x8664 - amd64
1911630.2124: Timestamp: 0x5632d5aa
1921630.2124: Image Version: 10.0
1931630.2124: SizeOfImage: 0xad000 (708608)
1941630.2124: Resource Dir: 0xab000 LB 0x528
1951630.2124: ProductName: Microsoft® Windows® Operating System
1961630.2124: ProductVersion: 10.0.10586.0
1971630.2124: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
1981630.2124: FileDescription: Windows NT BASE API Client DLL
1991630.2124: \SystemRoot\System32\KernelBase.dll:
2001630.2124: CreationTime: 2016-07-13T11:39:11.487742000Z
2011630.2124: LastWriteTime: 2016-07-01T04:49:21.864958900Z
2021630.2124: ChangeTime: 2016-07-13T22:18:46.496971100Z
2031630.2124: FileAttributes: 0x20
2041630.2124: Size: 0x1e7a10
2051630.2124: NT Headers: 0xf0
2061630.2124: Timestamp: 0x5775e4c5
2071630.2124: Machine: 0x8664 - amd64
2081630.2124: Timestamp: 0x5775e4c5
2091630.2124: Image Version: 10.0
2101630.2124: SizeOfImage: 0x1e8000 (1998848)
2111630.2124: Resource Dir: 0x1d1000 LB 0x548
2121630.2124: ProductName: Microsoft® Windows® Operating System
2131630.2124: ProductVersion: 10.0.10586.494
2141630.2124: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736)
2151630.2124: FileDescription: Windows NT BASE API Client DLL
2161630.2124: \SystemRoot\System32\apisetschema.dll:
2171630.2124: CreationTime: 2015-10-30T07:17:57.502957900Z
2181630.2124: LastWriteTime: 2015-10-30T07:17:57.502957900Z
2191630.2124: ChangeTime: 2016-05-21T02:02:11.464408600Z
2201630.2124: FileAttributes: 0x20
2211630.2124: Size: 0x16d60
2221630.2124: NT Headers: 0xc8
2231630.2124: Timestamp: 0x5632d94c
2241630.2124: Machine: 0x8664 - amd64
2251630.2124: Timestamp: 0x5632d94c
2261630.2124: Image Version: 10.0
2271630.2124: SizeOfImage: 0x18000 (98304)
2281630.2124: Resource Dir: 0x17000 LB 0x400
2291630.2124: ProductName: Microsoft® Windows® Operating System
2301630.2124: ProductVersion: 10.0.10586.0
2311630.2124: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
2321630.2124: FileDescription: ApiSet Schema DLL
2331630.2124: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2341630.2124: supR3HardenedWinFindAdversaries: 0x0
2351630.2124: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2361630.2124: Calling main()
2371630.2124: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2381630.2124: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2391630.2124: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2401630.2124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2411630.2124: SUPR3HardenedMain: Respawn #2
2421630.2124: supR3HardNtEnableThreadCreation:
2431630.2124: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff94bb6d50 pvNtTerminateThread=00007fff94be5b30
2441630.2124: supR3HardenedWinDoReSpawn(2): New child 19e8.28b4 [kernel32].
2451630.2124: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2461630.2124: supR3HardNtChildGatherData: PebBaseAddress=0000000000a3e000 cbPeb=0x388
2471630.2124: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff94b40000 uNtDllChildAddr=00007fff94b40000
2481630.2124: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff94bb6d50
2491630.2124: supR3HardenedWinSetupChildInit: Start child.
2501630.2124: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2511630.2124: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 31 sleeps
2521630.2124: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2531630.2124: *0000000000000000-ffffffffff7bffff 0x0001/0x0000 0x0000000
2541630.2124: *0000000000840000-000000000081ffff 0x0004/0x0004 0x0020000
2551630.2124: *0000000000860000-000000000084afff 0x0002/0x0002 0x0040000
2561630.2124: 0000000000875000-0000000000869fff 0x0001/0x0000 0x0000000
2571630.2124: *0000000000880000-0000000000784fff 0x0000/0x0004 0x0020000
2581630.2124: 000000000097b000-0000000000977fff 0x0104/0x0004 0x0020000
2591630.2124: 000000000097e000-000000000097bfff 0x0004/0x0004 0x0020000
2601630.2124: *0000000000980000-000000000097bfff 0x0002/0x0002 0x0040000
2611630.2124: 0000000000984000-0000000000977fff 0x0001/0x0000 0x0000000
2621630.2124: *0000000000990000-000000000098dfff 0x0004/0x0004 0x0020000
2631630.2124: 0000000000992000-0000000000923fff 0x0001/0x0000 0x0000000
2641630.2124: *0000000000a00000-00000000009c1fff 0x0000/0x0004 0x0020000
2651630.2124: 0000000000a3e000-0000000000a3afff 0x0004/0x0004 0x0020000
2661630.2124: 0000000000a41000-0000000000881fff 0x0000/0x0004 0x0020000
2671630.2124: 0000000000c00000-ffffffff8181ffff 0x0001/0x0000 0x0000000
2681630.2124: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2691630.2124: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2701630.2124: 000000007fff0000-ffff800a4302ffff 0x0001/0x0000 0x0000000
2711630.2124: *00007ff6bcfb0000-00007ff6bcf8cfff 0x0002/0x0002 0x0040000
2721630.2124: 00007ff6bcfd3000-00007ff6bcc25fff 0x0001/0x0000 0x0000000
2731630.2124: *00007ff6bd380000-00007ff6bd380fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2741630.2124: 00007ff6bd381000-00007ff6bd3effff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2751630.2124: 00007ff6bd3f0000-00007ff6bd3f0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2761630.2124: 00007ff6bd3f1000-00007ff6bd434fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2771630.2124: 00007ff6bd435000-00007ff6bd435fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2781630.2124: 00007ff6bd436000-00007ff6bd436fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2791630.2124: 00007ff6bd437000-00007ff6bd43bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2801630.2124: 00007ff6bd43c000-00007ff6bd43cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2811630.2124: 00007ff6bd43d000-00007ff6bd43dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2821630.2124: 00007ff6bd43e000-00007ff6bd441fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2831630.2124: 00007ff6bd442000-00007ff6bd489fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2841630.2124: 00007ff6bd48a000-00007fede5dd3fff 0x0001/0x0000 0x0000000
2851630.2124: *00007fff94b40000-00007fff94b40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2861630.2124: 00007fff94b41000-00007fff94c3dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2871630.2124: 00007fff94c3e000-00007fff94c7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2881630.2124: 00007fff94c7f000-00007fff94c87fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2891630.2124: 00007fff94c88000-00007fff94c94fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2901630.2124: 00007fff94c95000-00007fff94c95fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2911630.2124: 00007fff94c96000-00007fff94c98fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2921630.2124: 00007fff94c99000-00007fff94d00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2931630.2124: 00007fff94d01000-00007fff29a21fff 0x0001/0x0000 0x0000000
2941630.2124: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2951630.2124: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
2961630.2124: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2971630.2124: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2981630.2124: supR3HardNtChildPurify: Done after 298 ms and 0 fixes (loop #0).
29919e8.28b4: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
30019e8.28b4: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94b40000 g_uNtVerCombined=0xa0295a00
30119e8.28b4: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
30219e8.28b4: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1839104 allocation)
3031630.2124: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a30000 LB 0x400000)
3041630.2124: supR3HardNtEnableThreadCreation:
30519e8.28b4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
30619e8.28b4: System32: \Device\HarddiskVolume2\Windows\System32
30719e8.28b4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
30819e8.28b4: KnownDllPath: C:\Windows\system32
30919e8.28b4: supR3HardenedVmProcessInit: Opening vboxdrv...
31019e8.28b4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
31119e8.28b4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
31219e8.28b4: Registered Dll notification callback with NTDLL.
31319e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
31419e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
31519e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
31619e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff915f0000 LB 0x001e8000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
31719e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
31819e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
31919e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff93170000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
32019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
32119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff93170000 'C:\Windows\system32\KERNEL32.DLL'
32219e8.28b4: supR3HardenedDllNotificationCallback: load 00007ff6bd380000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
32319e8.28b4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
32419e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
32519e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
32619e8.28b4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff94bb6d50 pvNtTerminateThread=00007fff94be5b30
3271630.2124: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 95 ms.
32819e8.28b4: \SystemRoot\System32\ntdll.dll:
32919e8.28b4: CreationTime: 2016-05-20T16:27:07.723341300Z
33019e8.28b4: LastWriteTime: 2016-04-23T05:24:28.464629900Z
33119e8.28b4: ChangeTime: 2016-05-20T21:45:29.910684800Z
33219e8.28b4: FileAttributes: 0x20
33319e8.28b4: Size: 0x1bc248
33419e8.28b4: NT Headers: 0xe0
33519e8.28b4: Timestamp: 0x571af2eb
33619e8.28b4: Machine: 0x8664 - amd64
33719e8.28b4: Timestamp: 0x571af2eb
33819e8.28b4: Image Version: 10.0
33919e8.28b4: SizeOfImage: 0x1c1000 (1839104)
34019e8.28b4: Resource Dir: 0x159000 LB 0x66218
34119e8.28b4: ProductName: Microsoft® Windows® Operating System
34219e8.28b4: ProductVersion: 10.0.10586.306
34319e8.28b4: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
34419e8.28b4: FileDescription: NT Layer DLL
34519e8.28b4: \SystemRoot\System32\kernel32.dll:
34619e8.28b4: CreationTime: 2015-10-30T07:17:46.221743200Z
34719e8.28b4: LastWriteTime: 2015-10-30T07:17:46.221743200Z
34819e8.28b4: ChangeTime: 2016-05-20T16:10:21.498768000Z
34919e8.28b4: FileAttributes: 0x20
35019e8.28b4: Size: 0xac430
35119e8.28b4: NT Headers: 0xf0
35219e8.28b4: Timestamp: 0x5632d5aa
35319e8.28b4: Machine: 0x8664 - amd64
35419e8.28b4: Timestamp: 0x5632d5aa
35519e8.28b4: Image Version: 10.0
35619e8.28b4: SizeOfImage: 0xad000 (708608)
35719e8.28b4: Resource Dir: 0xab000 LB 0x528
35819e8.28b4: ProductName: Microsoft® Windows® Operating System
35919e8.28b4: ProductVersion: 10.0.10586.0
36019e8.28b4: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
36119e8.28b4: FileDescription: Windows NT BASE API Client DLL
36219e8.28b4: \SystemRoot\System32\KernelBase.dll:
36319e8.28b4: CreationTime: 2016-07-13T11:39:11.487742000Z
36419e8.28b4: LastWriteTime: 2016-07-01T04:49:21.864958900Z
36519e8.28b4: ChangeTime: 2016-07-13T22:18:46.496971100Z
36619e8.28b4: FileAttributes: 0x20
36719e8.28b4: Size: 0x1e7a10
36819e8.28b4: NT Headers: 0xf0
36919e8.28b4: Timestamp: 0x5775e4c5
37019e8.28b4: Machine: 0x8664 - amd64
37119e8.28b4: Timestamp: 0x5775e4c5
37219e8.28b4: Image Version: 10.0
37319e8.28b4: SizeOfImage: 0x1e8000 (1998848)
37419e8.28b4: Resource Dir: 0x1d1000 LB 0x548
37519e8.28b4: ProductName: Microsoft® Windows® Operating System
37619e8.28b4: ProductVersion: 10.0.10586.494
37719e8.28b4: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736)
37819e8.28b4: FileDescription: Windows NT BASE API Client DLL
37919e8.28b4: \SystemRoot\System32\apisetschema.dll:
38019e8.28b4: CreationTime: 2015-10-30T07:17:57.502957900Z
38119e8.28b4: LastWriteTime: 2015-10-30T07:17:57.502957900Z
38219e8.28b4: ChangeTime: 2016-05-21T02:02:11.464408600Z
38319e8.28b4: FileAttributes: 0x20
38419e8.28b4: Size: 0x16d60
38519e8.28b4: NT Headers: 0xc8
38619e8.28b4: Timestamp: 0x5632d94c
38719e8.28b4: Machine: 0x8664 - amd64
38819e8.28b4: Timestamp: 0x5632d94c
38919e8.28b4: Image Version: 10.0
39019e8.28b4: SizeOfImage: 0x18000 (98304)
39119e8.28b4: Resource Dir: 0x17000 LB 0x400
39219e8.28b4: ProductName: Microsoft® Windows® Operating System
39319e8.28b4: ProductVersion: 10.0.10586.0
39419e8.28b4: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
39519e8.28b4: FileDescription: ApiSet Schema DLL
39619e8.28b4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
39719e8.28b4: supR3HardenedWinFindAdversaries: 0x0
39819e8.28b4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
39919e8.28b4: Calling main()
40019e8.28b4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
40119e8.28b4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
40219e8.28b4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
40319e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
40419e8.28b4: SUPR3HardenedMain: Final process, opening VBoxDrv...
40519e8.28b4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d00000 LB 0x400000)
40619e8.28b4: supR3HardNtEnableThreadCreation:
40719e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
40819e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
40919e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
41019e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41119e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8ec60000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
41219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41319e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41419e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ec60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
41619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41719e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ec60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
41919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ec60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
42019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
42119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
42219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
42319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
42419e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
42519e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
42619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
42719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
42819e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
42919e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
43019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
43119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
43219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
43319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
43419e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
43519e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
43619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
43719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
43819e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
43919e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
44019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
44119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
44219e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
44319e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
44419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
44519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
44619e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
44719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
44819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
44919e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
45019e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
45119e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92cb0000 LB 0x0009d000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
45219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
45319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff91190000 LB 0x00010000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
45419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
45519e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff91280000 LB 0x001c8000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
45619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
45719e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff93220000 LB 0x0011c000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
45819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
45919e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff91e30000 LB 0x00055000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
46019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
46119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\system32\Wintrust.dll'
46219e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
46319e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
46419e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
46519e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
46619e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff90ff0000 LB 0x00029000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
46719e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
46819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90ff0000 'C:\Windows\system32\bcrypt.dll'
46919e8.28b4: bcrypt.dll loaded at 00007fff90ff0000, BCryptOpenAlgorithmProvider at 00007fff90ff3b50, preloading providers:
47019e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
47119e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
47219e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
47319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff914a0000 LB 0x0006a000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
47419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
47519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff914a0000 'C:\Windows\system32\bcryptprimitives.dll'
47619e8.28b4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000012e9670)
47719e8.28b4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000012e9d30)
47819e8.28b4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000012ea000)
47919e8.28b4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000012ea360)
48019e8.28b4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000012eae80)
48119e8.28b4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000012eb1a0)
48219e8.28b4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000012eb4b0)
48319e8.28b4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000012eb780)
48419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
48519e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
48619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
48719e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
48819e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
48919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
49019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
49119e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
49219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
49319e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
49419e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
49519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
49619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
49719e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
49819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
49919e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
50019e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
50119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
50219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
50319e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
50419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
50519e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
50619e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
50719e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff90ae0000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
50819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
50919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
51019e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
51119e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
51219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
51319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
51419e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
51519e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
51619e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
51719e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff90770000 LB 0x00034000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
51819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
51919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
52019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
52119e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
52219e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
52319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff90c00000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
52419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
52519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
52619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
52719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
52819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
52919e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
53019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff93170000 'C:\Windows\system32\kernel32.dll'
53119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
53219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
53319e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
53419e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
53519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\CRYPT32.dll'
53619e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92c90000 LB 0x0001c000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
53719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
53819e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
53919e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
54019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
54119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
54219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
54319e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
54419e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
54519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
54619e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92e00000 LB 0x0005b000 C:\Windows\system32\sechost.dll [fFlags=0x0]
54719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
54819e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
54919e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
55019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
55119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
55219e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
55319e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
55419e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff90160000 LB 0x00024000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
55519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
55619e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff91170000 LB 0x00014000 C:\Windows\system32\profapi.dll [fFlags=0x0]
55719e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
55819e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
55919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
56019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
56119e8.28b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
56219e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
56319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
56419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
56519e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
56619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
56719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
56819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
56919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
57019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
57119e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
57219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
57319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
57419e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
57519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
57619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
57719e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
57819e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
57919e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
58019e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff86d70000 LB 0x0002f000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
58119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
58219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
58319e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
58419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\system32\cryptnet.dll'
58519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
58619e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
58719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\system32\cryptnet.dll'
58819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
58919e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
59019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\system32\cryptnet.dll'
59119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
59219e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
59319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\system32\cryptnet.dll'
59419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
59519e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
59619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\system32\cryptnet.dll'
59719e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
59819e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
59919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\system32\cryptnet.dll'
60019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
60119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\system32\cryptnet.dll'
60219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
60319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\system32\cryptnet.dll'
60419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
60519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\system32\cryptnet.dll'
60619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
60719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\system32\cryptnet.dll'
60819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
60919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\system32\cryptnet.dll'
61019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\system32\cryptnet.dll'
61119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
61219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86d70000 'C:\Windows\System32\cryptnet.dll'
61319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92d50000 LB 0x000a7000 C:\Windows\system32\advapi32.dll [fFlags=0x0]
61419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
61519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
61619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
61719e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
61819e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
61919e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
62019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
62119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
62219e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
62319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
62419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
62519e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
62619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
62719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
62819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
62919e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
63019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
63119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
63219e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
63319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
63419e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
63519e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001328f70
63619e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
63719e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=056BDD821FDC5EB443883F1928BBEC403ED3FC46
63819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
63919e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
64019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff93220000 'C:\Windows\system32\rpcrt4.dll'
64119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
64219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
64319e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
64419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
64519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
64619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
64719e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
64819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
64919e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
65019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
65119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
65219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
65319e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
65419e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
65519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\System32\WINTRUST.DLL'
65619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
65719e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
65819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
65919e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
66019e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
66219e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1985_for_KB3172985~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\SystemRoot\System32\ntdll.dll'
66319e8.28b4: g_pfnWinVerifyTrust=00007fff91e374d0
66419e8.28b4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
66519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
66619e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
66819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
66919e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
67019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
67119e8.28b4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
67219e8.28b4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
67319e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
67419e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
67519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
67619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
67719e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
67819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
67919e8.28b4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
68019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
68119e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
68219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
68319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
68419e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
68519e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000370 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
68619e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
68719e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
68819e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=357A4685FBBF5E8A1472AE56D4B122532A042630
68919e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
69019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
69119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
69219e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
69319e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
69419e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
69519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
69619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
69719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
69819e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
69919e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
70019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
70119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
70219e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
70319e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
70419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
70519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
70619e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
70719e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
70819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
70919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
71019e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
71119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
71219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
71319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
71419e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
71519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
71619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
71719e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
71819e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
71919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
72019e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
72119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
72219e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
72319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
72419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
72519e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
72619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
72719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
72819e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
72919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
73019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
73119e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
73219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
73319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
73419e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
73519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
73619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
73719e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
73819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
73919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
74019e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
74119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
74219e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
74319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
74419e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
74519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
74619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
74719e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
74819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
74919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
75019e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
75119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
75219e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xe016ca5e8bc5a600 C=ES, O=Ferferhosting.com, CN=ferferhosting.com CA, Email=ca@ferferhosting.com
75319e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
75419e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
75519e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
75619e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
75719e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
75819e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
75919e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
76019e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
76119e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
76219e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
76319e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
76419e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
76519e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
76619e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
76719e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
76819e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
76919e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
77019e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
77119e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
77219e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
77319e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
77419e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
77519e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xfbf8ea8e6b96ca00 C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
77619e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
77719e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
77819e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
77919e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
78019e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
78119e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
78219e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address)
78319e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x4b24f9897ec7e300 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
78419e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
78519e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
78619e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
78719e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
78819e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
78919e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
79019e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x3eaa756fe759c500 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
79119e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
79219e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
79319e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
79419e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
79519e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
79619e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
79719e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
79819e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x4297e24fc722b300 C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
79919e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
80019e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
80119e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
80219e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
80319e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
80419e8.28b4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
80519e8.28b4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=53
80619e8.28b4: SUPR3HardenedMain: Load Runtime...
80719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
80819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
80919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
81019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
81119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
81219e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
81319e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
81419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
81519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
81619e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
81719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
81819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
81919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
82019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
82119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
82219e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
82319e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
82419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
82519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
82619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
82719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
82819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
82919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
83019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
83119e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
83219e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
83319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
83419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
83519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
83619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
83719e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
83819e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
83919e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
84019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
84119e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
84219e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
84319e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
84419e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
84519e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
84619e8.28b4: supR3HardenedDllNotificationCallback: load 000000006c510000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
84719e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
84819e8.28b4: supR3HardenedDllNotificationCallback: load 000000006c5f0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
84919e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
85019e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92aa0000 LB 0x0006b000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
85119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
85219e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff6cd90000 LB 0x00519000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
85319e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
85419e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
85519e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
85619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
85719e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
85819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
85919e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
86019e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
86119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
86219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
86319e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
86419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
86519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
86619e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
86719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
86819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
86919e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
87019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
87219e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
87319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
88219e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
88319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89919e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
90019e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
90119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
90219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
90319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
90419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
90519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91e30000 'C:\Windows\system32\Wintrust.dll'
90619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
90719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
90819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
90919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
91019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
91119e8.28b4: SUPR3HardenedMain: Load TrustedMain...
91219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
91319e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
91419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
91519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
91619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
91719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
91819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
91919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
92019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
92119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
92219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
92319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
92419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
92519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
92619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
92719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
92819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
92919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
93019e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
93119e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
93219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
93319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
93419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
93519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
93619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
93719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
93819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
93919e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
94019e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
94119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
94219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
94319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
94419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
94519e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
94619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
94719e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
94819e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
94919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
95019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
95119e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
95219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
95319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
95419e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
95519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
95619e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
95719e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
95819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
95919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
96019e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
96119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
96219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
96319e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
96419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
96519e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
96619e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
96719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
96819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
96919e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
97019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
97119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
97219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
97319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
97419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
97519e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
97619e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
97719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
97819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
97919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
98019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
98119e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
98219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
98319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
98419e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
98519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
98619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
98719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'bcryptprimitives.dll'.
98819e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
98919e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
99019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
99119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
99219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
99319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
99419e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
99519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
99619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
99719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
99819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
99919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
100019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
100119e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
100219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
100319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
100419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
100519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
100619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
100719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
100819e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
100919e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
101019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
101119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
101219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
101319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
101419e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
101519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
101619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
101719e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
101819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
101919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
102019e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
102119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
102219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
102319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
102419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
102519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
102619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
102719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
102819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #65 'user32.dll'.
102919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'gdi32.dll'.
103019e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
103119e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
103219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
103319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
103419e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
103519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
103619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
103719e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
103819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
103919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
104019e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
104119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
104219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
104319e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
104419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
104519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
104619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
104719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
104819e8.28b4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
104919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
105019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
105119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
105219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
105319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
105419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
105519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
105619e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
105719e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
105819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
105919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
106019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
106119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
106219e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
106319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
106419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
106519e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
106619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
106719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
106819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
106919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
107019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
107119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
107219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
107319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
107419e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
107519e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
107619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
107719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
107819e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
107919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
108019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
108119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
108219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
108319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
108419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
108519e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
108619e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
108719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
108819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
108919e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
109019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
109119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
109219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
109319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
109419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
109519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
109619e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
109719e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
109819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
109919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
110019e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
110119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
110219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
110319e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
110419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
110519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
110619e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
110719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
110819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
110919e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
111019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
111119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
111219e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
111319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
111419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
111519e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
111619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
111719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
111819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
111919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
112019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
112119e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
112219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
112319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
112419e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
112519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
112619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
112719e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
112819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
112919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
113019e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
113119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
113219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
113319e8.28b4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
113419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
113519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
113619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
113719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
113819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
113919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
114019e8.28b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
114119e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
114219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
114319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
114419e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
114519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
114619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
114719e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
114819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
114919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
115019e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
115119e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
115219e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
115319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
115419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
115519e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
115619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
115719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
115819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
115919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
116019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
116119e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
116219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
116319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
116419e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
116519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
116619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
116719e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
116819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
116919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
117019e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
117119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
117219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
117319e8.28b4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
117419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
117519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
117619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
117719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'.
117819e8.28b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
117919e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
118019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
118119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
118219e8.28b4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
118319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
118419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
118519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
118619e8.28b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
118719e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
118819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
118919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
119019e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
119119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
119219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
119319e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
119419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
119519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
119619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
119719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
119819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
119919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
120019e8.28b4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
120119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
120219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
120319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
120419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
120519e8.28b4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
120619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
120719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
120819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
120919e8.28b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
121019e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
121119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
121219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
121319e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
121419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
121519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
121619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
121719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
121819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
121919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
122019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
122119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
122219e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
122319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
122419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
122519e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
122619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
122719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
122819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
122919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
123019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
123119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
123219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
123319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
123419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
123519e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
123619e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
123719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
123819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
123919e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
124019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
124119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
124219e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
124319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
124419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
124519e8.28b4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
124619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
124719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
124819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
124919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
125019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
125119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
125219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'firewallapi.dll'.
125319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'netapi32.dll'.
125419e8.28b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
125519e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
125619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
125719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
125819e8.28b4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
125919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
126019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
126119e8.28b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
126219e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
126319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
126419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
126519e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
126619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
126719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
126819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
126919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
127019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
127119e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
127219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
127319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
127419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
127519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
127619e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
127719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
127819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
127919e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
128019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
128119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
128219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
128319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
128419e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\netapi32.dll'.
128519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
128619e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netapi32.dll)
128719e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netapi32.dll
128819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'firewallapi.dll'...
128919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'firewallapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\firewallapi.dll' [rcNtRedir=0xc0150008]
129019e8.28b4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll'.
129119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
129219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
129319e8.28b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll)
129419e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll
129519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
129619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
129719e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
129819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
129919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
130019e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
130119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
130219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
130319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
130419e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
130519e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
130619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
130919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
131019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
131119e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
131219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
131319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
131419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
131519e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
131619e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
131719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
131819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
131919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
132019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
132119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
132219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
132319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
132419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
132519e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
132619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
132719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
132819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
132919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
133019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
133119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
133219e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
133319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
133419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
133519e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
133619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
133719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
133819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
133919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
134019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
134119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
134219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
134319e8.28b4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
134419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
134519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
134619e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
134719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
134819e8.28b4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
134919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
135019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
135119e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
135219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
135319e8.28b4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
135419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
135519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
135619e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
135719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
135819e8.28b4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
135919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
136019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
136119e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
136219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
136319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
136419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
136519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
136619e8.28b4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
136719e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
136819e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
136919e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
137019e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A59A12801C3E68C49056D7AF56FE4F31F6CB06E1
137119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
137219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
137319e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
137419e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
137519e8.28b4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
137619e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
137719e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
137819e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
137919e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
138019e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
138119e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
138219e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
138319e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
138419e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
138519e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
138619e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
138719e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
138819e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
138919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
139019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
139119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
139219e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll)
139319e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll
139419e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
139519e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
139619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
139719e8.28b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\davhlpr.dll)
139819e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\davhlpr.dll
139919e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff927e0000 LB 0x00156000 C:\Windows\system32\USER32.dll [fFlags=0x0]
140019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
140119e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92fe0000 LB 0x00186000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
140219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
140319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8bf90000 LB 0x00008000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
140419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
140519e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff7a880000 LB 0x000fa000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
140619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
140719e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8c550000 LB 0x0002e000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
140819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
140919e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff7a980000 LB 0x00129000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
141019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
141119e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff91450000 LB 0x00043000 C:\Windows\system32\cfgmgr32.dll [fFlags=0x0]
141219e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
141319e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
141419e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff93350000 LB 0x0027d000 C:\Windows\system32\combase.dll [fFlags=0x0]
141519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
141619e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92780000 LB 0x00052000 C:\Windows\system32\shlwapi.dll [fFlags=0x0]
141719e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
141819e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff91160000 LB 0x0000f000 C:\Windows\system32\kernel.appcore.dll [fFlags=0x0]
141919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
142019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
142119e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
142219e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
142319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff91530000 LB 0x000b5000 C:\Windows\system32\shcore.dll [fFlags=0x0]
142419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
142519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
142619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
142719e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
142819e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
142919e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff911a0000 LB 0x0004b000 C:\Windows\system32\powrprof.dll [fFlags=0x0]
143019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
143119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
143219e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
143319e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
143419e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff917e0000 LB 0x00645000 C:\Windows\system32\windows.storage.dll [fFlags=0x0]
143519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
143619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
143719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'combase.dll'.
143819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'.
143919e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
144019e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
144119e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff935d0000 LB 0x0155c000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
144219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
144319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92520000 LB 0x00143000 C:\Windows\system32\ole32.dll [fFlags=0x0]
144419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
144519e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8ec40000 LB 0x0001b000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
144619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
144719e8.28b4: supR3HardenedDllNotificationCallback: load 000000006bfb0000 LB 0x00553000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
144819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
144919e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff6bf00000 LB 0x005a1000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
145019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
145119e8.28b4: supR3HardenedDllNotificationCallback: load 000000006ba60000 LB 0x0054f000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
145219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
145319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8aea0000 LB 0x00084000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
145419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
145519e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8a130000 LB 0x000aa000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\COMCTL32.dll [fFlags=0x0]
145619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll [avoiding WinVerifyTrust]
145719e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff911f0000 LB 0x00086000 C:\Windows\system32\FirewallAPI.dll [fFlags=0x0]
145819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll [avoiding WinVerifyTrust]
145919e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff91510000 LB 0x00017000 C:\Windows\system32\NETAPI32.dll [fFlags=0x0]
146019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
146119e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8ec70000 LB 0x0000c000 C:\Windows\SYSTEM32\DAVHLPR.DLL [fFlags=0x0]
146219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\davhlpr.dll [avoiding WinVerifyTrust]
146319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92670000 LB 0x0010b000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
146419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
146519e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff7de10000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
146619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
146719e8.28b4: supR3HardenedDllNotificationCallback: load 000000006ba00000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
146819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
146919e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92b10000 LB 0x000c1000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
147019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
147119e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8eb90000 LB 0x0002c000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
147219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
147319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8ebf0000 LB 0x00023000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
147419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
147519e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff6c4b0000 LB 0x008de000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
147619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
147719e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
147819e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
147919e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
148019e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
148119e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
148219e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
148319e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
148419e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
148519e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
148619e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
148719e8.28b4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\davhlpr.dll'.
148819e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\davhlpr.dll' [rescheduled]
148919e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll'.
149019e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll' [rescheduled]
149119e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
149219e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
149319e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
149419e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
149519e8.28b4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll'.
149619e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll' [rescheduled]
149719e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\netapi32.dll'.
149819e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rescheduled]
149919e8.28b4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
150019e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
150119e8.28b4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
150219e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
150319e8.28b4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
150419e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rescheduled]
150519e8.28b4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
150619e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
150719e8.28b4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
150819e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rescheduled]
150919e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
151019e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
151119e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
151219e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
151319e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
151419e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
151519e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
151619e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
151719e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
151819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
151919e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
152019e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
152119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
152219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
152319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
152419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
152519e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
152619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
152719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
152819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
152919e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
153019e8.28b4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
153119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
153219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
153319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
153419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
153519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
153619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
153719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
153819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
153919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
154019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
154119e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
154219e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
154319e8.28b4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
154419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
154519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
154619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
154719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
154819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
154919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
155019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
155119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
155219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
155319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
155419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
155519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
155619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
155719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
155819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
155919e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
156019e8.28b4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
156119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
156219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
156319e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
156419e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
156519e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92be0000 LB 0x0003b000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
156619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
156719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92be0000 'C:\Windows\system32\IMM32.DLL'
156819e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
156919e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
157019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
157119e8.28b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
157219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
157319e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
157419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92be0000 'C:\Windows\system32\imm32.dll'
157519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
157619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
157719e8.28b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\fwbase.dll)
157819e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\fwbase.dll
157919e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8fee0000 LB 0x00032000 C:\Windows\SYSTEM32\fwbase.dll [fFlags=0x0]
158019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\fwbase.dll [avoiding WinVerifyTrust]
158119e8.28b4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\fwbase.dll'.
158219e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\fwbase.dll' [rescheduled]
158319e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
158419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
158519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
158619e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
158719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
158819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
158919e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
159019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92d50000 'C:\Windows\system32\ADVAPI32.DLL'
159119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6c4b0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
159219e8.28b4: SUPR3HardenedMain: Calling TrustedMain (00007fff6c4b15f0)...
159319e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
159419e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
159519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff935d0000 'C:\Windows\system32\shell32.dll'
159619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
159719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
159819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
159919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
160019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
160119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
160219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
160319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
160419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
160519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
160619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
160719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
160819e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
160919e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
161019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
161119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
161219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
161319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
161419e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
161519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
161619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
161719e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
161819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
161919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
162019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
162119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
162219e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
162319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
162419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
162519e8.28b4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
162619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
162719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
162819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
162919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
163019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
163119e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
163219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
163319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
163419e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
163519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
163619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
163719e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
163819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
163919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
164019e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
164119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
164219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
164319e8.28b4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
164419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
164519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
164619e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
164719e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
164819e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
164919e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff78390000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
165019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
165119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff78390000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
165219e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000678 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
165319e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
165419e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
165519e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4F9BD6CD3F872DBBFCD5F712A95134C3D7F47679
165619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
165719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
165819e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
165919e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
166019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
166119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
166219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
166319e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
166419e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
166519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
166619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
166719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
166819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
166919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
167019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
167119e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
167219e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
167319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8fae0000 LB 0x00096000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
167419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
167519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fae0000 'C:\Windows\system32\uxtheme.dll'
167619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff927e0000 'C:\Windows\system32\user32.dll'
167719e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
167819e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
167919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff935d0000 'C:\Windows\system32\shell32.dll'
168019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
168119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
168219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
168319e8.28b4: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
168419e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
168519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91530000 'C:\Windows\system32\SHCore.dll'
168619e8.28b4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
168719e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
168819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
168919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
169019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
169119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
169219e8.28b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
169319e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
169419e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8f440000 LB 0x00022000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
169519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
169619e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
169719e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
169819e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
169919e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8900DBF59D51D3F67CECDDA4ED1690DFAAE4945
170019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
170119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
170219e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
170319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
170419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
170519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
170619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
170719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
170819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
170919e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Composition-Core-windows-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
171019e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
171119e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
171219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
171319e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
171419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
171519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
171619e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
171719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
171819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
171919e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
172019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff935d0000 'C:\Windows\system32\shell32.dll'
172119e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
172219e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
172319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fae0000 'C:\Windows\system32\uxtheme.dll'
172419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
172519e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
172619e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92d50000 'C:\Windows\system32\advapi32.dll'
172719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
172819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
172919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
173019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
173119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
173219e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
173319e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
173419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
173519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
173619e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
173719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
173819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
173919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
174019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
174119e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
174219e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
174319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff908c0000 LB 0x0001f000 C:\Windows\system32\userenv.dll [fFlags=0x0]
174419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
174519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff908c0000 'C:\Windows\system32\userenv.dll'
174619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
174719e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
174819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff93170000 'C:\Windows\system32\kernel32.dll'
174919e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92ec0000 LB 0x000a7000 C:\Windows\system32\clbcatq.dll [fFlags=0x0]
175019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
175119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
175219e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
175319e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
175419e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
175519e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
175619e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
175719e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
175819e8.198c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
175919e8.198c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
176019e8.198c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
176119e8.198c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
176219e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
176319e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
176419e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
176519e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
176619e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
176719e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
176819e8.198c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
176919e8.198c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
177019e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
177119e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
177219e8.198c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
177319e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
177419e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
177519e8.198c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
177619e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
177719e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
177819e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
177919e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
178019e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
178119e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
178219e8.198c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
178319e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
178419e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
178519e8.198c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
178619e8.198c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
178719e8.198c: supR3HardenedDllNotificationCallback: load 00007fff6a7a0000 LB 0x00501000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
178819e8.198c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
178919e8.198c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a7a0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
179019e8.198c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
179119e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
179219e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
179319e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
179419e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
179519e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
179619e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
179719e8.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
179819e8.198c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
179919e8.198c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
180019e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
180119e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
180219e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
180319e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
180419e8.198c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
180519e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
180619e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
180719e8.198c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
180819e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
180919e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
181019e8.198c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
181119e8.198c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
181219e8.198c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
181319e8.198c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
181419e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
181519e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
181619e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
181719e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
181819e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
181919e8.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
182019e8.198c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
182119e8.198c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
182219e8.198c: supR3HardenedDllNotificationCallback: load 00007fff71380000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
182319e8.198c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
182419e8.198c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff71380000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
182519e8.198c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
182619e8.198c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
182719e8.198c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92b10000 'C:\Windows\System32\oleaut32.dll'
182819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92fe0000 'C:\Windows\system32\gdi32.dll'
182919e8.1824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
183019e8.1824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
183119e8.1824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
183219e8.1824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
183319e8.1824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
183419e8.1824: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
183519e8.1824: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
183619e8.1824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
183719e8.1824: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
183819e8.1824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
183919e8.1824: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
184019e8.1824: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
184119e8.1824: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
184219e8.1824: supR3HardenedDllNotificationCallback: load 00007fff8bf60000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
184319e8.1824: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
184419e8.1824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8bf60000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
184519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff935d0000 'C:\Windows\system32\shell32.dll'
184619e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff92940000 LB 0x0015a000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
184719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
184819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
184919e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
185019e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
185119e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
185219e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
185319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
185419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
185519e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
185619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
185719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
185819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
185919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
186019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
186119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
186219e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
186319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
186419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
186519e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
186619e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000988 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
186719e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
186819e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
186919e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=75640CA57CB5630DA16BB2F35FAEDB2EAB5C3525
187019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
187119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
187219e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
187319e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
187419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
187519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
187619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
187719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
187819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
187919e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
188019e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
188119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
188219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
188319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
188419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
188519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
188619e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
188719e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
188819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
188919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
189019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
189119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
189219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
189319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
189419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
189519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
189619e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
189719e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
189819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
189919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
190019e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
190119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
190219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
190319e8.28b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
190419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
190519e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
190619e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
190719e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
190819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
190919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
191019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
191119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
191219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
191319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
191419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
191519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
191619e8.28b4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
191719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
191819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
191919e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
192019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
192119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
192219e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
192319e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
192419e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
192519e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
192619e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
192719e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8e590000 LB 0x000a2000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
192819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
192919e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8e640000 LB 0x002a8000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
193019e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
193119e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8ef80000 LB 0x000e3000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
193219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
193319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff897a0000 LB 0x0004a000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
193419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
193519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff897a0000 'C:\Windows\system32\dataexchange.dll'
193619e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
193719e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
193819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
193919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
194019e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
194119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
194219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
194319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
194419e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
194519e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
194619e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
194719e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff8fc80000 LB 0x00100000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
194819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
194919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
195019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
195119e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
195219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
195319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
195419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
195519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
195619e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
195719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
195819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
195919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
196019e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
196119e8.28b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
196219e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
196319e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
196419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92520000 'C:\Windows\system32\ole32.dll'
196519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
196619e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
196719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92b10000 'C:\Windows\system32\OLEAUT32.dll'
196819e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a18 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
196919e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
197019e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
197119e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3488B506C76AED41BC3048EF4C38C6A11D8B3CC4
197219e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
197319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
197419e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
197519e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
197619e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
197719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
197819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
197919e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
198019e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
198119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
198219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
198319e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a20 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
198419e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
198519e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
198619e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0F5B8FB82A59EE0D6149941C8198202D2D48FDA
198719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
198819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
198919e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
199019e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
199119e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
199219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
199319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
199419e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
199519e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
199619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
199719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
199819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
199919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
200019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
200119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
200219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
200319e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
200419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
200519e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
200619e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
200719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
200819e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
200919e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
201019e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
201119e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
201219e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff87ed0000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
201319e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
201419e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff841c0000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
201519e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
201619e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
201719e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff915f0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
201819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff841c0000 'C:\Windows\system32\wbem\wbemprox.dll'
201919e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000994 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
202019e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
202119e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
202219e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9CE21DDF09B1BCCF1977CBD665E28F9BA3B97D79
202319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
202419e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
202519e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
202619e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
202719e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
202819e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
202919e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
203019e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
203119e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
203219e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
203319e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
203419e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
203519e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
203619e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
203719e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff82d50000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
203819e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
203919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff82d50000 'C:\Windows\system32\wbem\wbemsvc.dll'
204019e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
204119e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff915f0000 'api-ms-win-core-localization-l1-2-0.dll'
204219e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
204319e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff915f0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
204419e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a70 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
204519e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
204619e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
204719e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFD9E9630890EA6E6C472D5579966609C56F9EFD
204819e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
204919e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
205019e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
205119e8.28b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
205219e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
205319e8.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
205419e8.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
205519e8.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
205619e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
205719e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
205819e8.28b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
205919e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
206019e8.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
206119e8.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
206219e8.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
206319e8.28b4: supR3HardenedDllNotificationCallback: load 00007fff81960000 LB 0x000f6000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
206419e8.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
206519e8.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff81960000 'C:\Windows\system32\wbem\fastprox.dll'
206619e8.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
206719e8.2ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
206819e8.2ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
206919e8.2ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
207019e8.2ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
207119e8.2ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
207219e8.2ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
207319e8.2ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
207419e8.2ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
207519e8.2ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
207619e8.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
207719e8.2ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
207819e8.2ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
207919e8.2ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
208019e8.2ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
208119e8.2ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
208219e8.2ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
208319e8.2ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
208419e8.2ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
208519e8.2ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
208619e8.2ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
208719e8.2ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
208819e8.2ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
208919e8.2ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
209019e8.2ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
209119e8.2ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
209219e8.2ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
209319e8.2ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
209419e8.2ff4: supR3HardenedDllNotificationCallback: load 000000006b8f0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
209519e8.2ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
209619e8.2ff4: supR3HardenedDllNotificationCallback: load 00007fff6fc10000 LB 0x00299000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
209719e8.2ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
209819e8.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6fc10000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
209919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
210019e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa0 pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
210119e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
210219e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
210319e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F5AA7DDBA30AE24B0F6C58D09C880A3721404CA
210419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
210519e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
210619e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1600_for_KB3172985~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
210719e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
210819e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
210919e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
211019e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'oleaut32.dll'.
211119e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'ws2_32.dll'.
211219e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'netsetupapi.dll'.
211319e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'setupapi.dll'.
211419e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
211519e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
211619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
211719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
211819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
211919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
212019e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
212119e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
212219e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
212319e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
212419e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
212519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
212619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
212719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
212819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
212919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
213019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
213119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
213219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
213319e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
213419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
213519e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
213619e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
213719e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
213819e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
213919e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
214019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
214119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
214219e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
214319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
214419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
214519e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
214619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
214719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
214819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
214919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
215019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
215119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
215219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
215319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
215419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
215519e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
215619e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
215719e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff88140000 LB 0x0001f000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
215819e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
215919e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff920f0000 LB 0x00429000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
216019e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
216119e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff88160000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
216219e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
216319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88160000 'C:\Windows\System32\NetSetupShim.dll'
216419e8.1368: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
216519e8.1368: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
216619e8.1368: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
216719e8.1368: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
216819e8.1368: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
216919e8.1368: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
217019e8.1368: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
217119e8.1368: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
217219e8.1368: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
217319e8.1368: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
217419e8.1368: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
217519e8.1368: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
217619e8.1368: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
217719e8.1368: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
217819e8.1368: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
217919e8.1368: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
218019e8.1368: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
218119e8.1368: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
218219e8.1368: supR3HardenedDllNotificationCallback: load 00007fff8ec20000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
218319e8.1368: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
218419e8.1368: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ec20000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
218519e8.1368: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff927e0000 'C:\Windows\system32\User32.dll'
218619e8.2674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
218719e8.2674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
218819e8.2674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
218919e8.2674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
219019e8.2674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
219119e8.2674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
219219e8.2674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
219319e8.2674: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
219419e8.2674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
219519e8.2674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
219619e8.2674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
219719e8.2674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
219819e8.2674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
219919e8.2674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
220019e8.2674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
220119e8.2674: supR3HardenedDllNotificationCallback: load 00007fff8bfa0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
220219e8.2674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
220319e8.2674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8bfa0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
220419e8.b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
220519e8.b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
220619e8.b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
220719e8.b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
220819e8.b04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
220919e8.b04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
221019e8.b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
221119e8.b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
221219e8.b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
221319e8.b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
221419e8.b04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
221519e8.b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
221619e8.b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
221719e8.b04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
221819e8.b04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
221919e8.b04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
222019e8.b04: supR3HardenedDllNotificationCallback: load 00007fff8bf80000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
222119e8.b04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
222219e8.b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8bf80000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
222319e8.b70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
222419e8.b70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
222519e8.b70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
222619e8.b70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
222719e8.b70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
222819e8.b70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
222919e8.b70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
223019e8.b70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
223119e8.b70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
223219e8.b70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
223319e8.b70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
223419e8.b70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
223519e8.b70: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
223619e8.b70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
223719e8.b70: supR3HardenedDllNotificationCallback: load 00007fff8bb60000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
223819e8.b70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
223919e8.b70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
224019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff935d0000 'C:\Windows\system32\Shell32.dll'
224119e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
224219e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
224319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6fc10000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
224419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
224519e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
224619e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
224719e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
224819e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
224919e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
225019e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
225119e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
225219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
225319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
225419e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
225519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
225619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
225719e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
225819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
225919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
226019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
226119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
226219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
226319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
226419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
226519e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
226619e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff801d0000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
226719e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
226819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff801d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
226919e8.2bdc: supR3HardenedDllNotificationCallback: Unload 00007fff801d0000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
227019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
227119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
227219e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
227319e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
227419e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
227519e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
227619e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
227719e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
227819e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
227919e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
228019e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
228119e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
228219e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
228319e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
228419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
228519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
228619e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
228719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
228819e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
228919e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
229019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
229119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
229219e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
229319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
229419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
229519e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
229619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
229719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
229819e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
229919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
230019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
230119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
230219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
230319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
230419e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
230519e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
230619e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
230719e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
230819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
230919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
231019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
231119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
231219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
231319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
231419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
231519e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
231619e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
231719e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
231819e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
231919e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
232019e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
232119e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
232219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
232319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
232419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
232519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
232619e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
232719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
232819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
232919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
233019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
233119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
233219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
233319e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
233419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
233519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
233619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
233719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
233819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
233919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
234019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
234119e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
234219e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
234319e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
234419e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
234519e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff71f20000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
234619e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
234719e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff801a0000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
234819e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
234919e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff8c1d0000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
235019e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
235119e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff68f00000 LB 0x008c4000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
235219e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
235319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff68f00000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
235419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
235519e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
235619e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
235719e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
235819e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff80170000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
235919e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
236019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff80170000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
236119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
236219e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
236319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
236419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a7a0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
236519e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
236619e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
236719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
236819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff801a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
236919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
237019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
237119e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
237219e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
237319e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
237419e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
237519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
237619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
237719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
237819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
237919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
238019e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
238119e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff8ba30000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
238219e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
238319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ba30000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
238419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
238519e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
238619e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
238719e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
238819e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
238919e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
239019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
239119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
239219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
239319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
239419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
239519e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
239619e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff85ef0000 LB 0x00016000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
239719e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
239819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85ef0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
239919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
240019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
240119e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
240219e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
240319e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
240419e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
240519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
240619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
240719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
240819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
240919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
241019e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
241119e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff82fd0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
241219e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
241319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff82fd0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
241419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
241519e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
241619e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
241719e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
241819e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
241919e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
242019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
242119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
242219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
242319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
242419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
242519e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
242619e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff81d70000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
242719e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
242819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff81d70000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
242919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
243019e8.a34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
243119e8.a34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
243219e8.a34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
243319e8.a34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
243419e8.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
243519e8.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
243619e8.a34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
243719e8.a34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
243819e8.a34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
243919e8.a34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
244019e8.a34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
244119e8.a34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
244219e8.a34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
244319e8.a34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
244419e8.a34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
244519e8.a34: supR3HardenedDllNotificationCallback: load 00007fff8a890000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
244619e8.a34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
244719e8.a34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a890000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
244819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
244919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
245019e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
245119e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
245219e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
245319e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
245419e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
245519e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
245619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
245719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
245819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
245919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
246019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
246119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
246219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
246319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
246419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
246519e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
246619e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff71c20000 LB 0x0008a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
246719e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
246819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff71c20000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
246919e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e14 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
247019e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
247119e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
247219e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C46CF6D8C425A34B7EDE4E8FD0F2E4A8182CBB1
247319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
247419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
247519e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
247619e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
247719e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
247819e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'.
247919e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
248019e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'.
248119e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
248219e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
248319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
248419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
248519e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
248619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
248719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
248819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
248919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
249019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
249119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
249219e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
249319e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
249419e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff7dc10000 LB 0x0009c000 C:\Windows\System32\dsound.dll [fFlags=0x0]
249519e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
249619e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
249719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
249819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff7dc10000 'C:\Windows\System32\dsound.dll'
249919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff7dc10000 'C:\Windows\System32\dsound.dll'
250019e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
250119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
250219e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff7dc10000 'C:\Windows\system32\dsound.dll'
250319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
250419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
250519e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
250619e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
250719e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
250819e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
250919e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
251019e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
251119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
251219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
251319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
251419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
251519e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
251619e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
251719e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
251819e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
251919e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
252019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
252119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
252219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
252319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
252419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
252519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
252619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
252719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
252819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
252919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
253019e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
253119e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
253219e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
253319e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
253419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
253519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
253619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
253719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
253819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
253919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
254019e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
254119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
254219e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
254319e8.2bdc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
254419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
254519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
254619e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
254719e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
254819e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
254919e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
255019e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff8fb80000 LB 0x00027000 C:\Windows\System32\DEVOBJ.dll [fFlags=0x0]
255119e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
255219e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff8e970000 LB 0x00186000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
255319e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
255419e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff8d900000 LB 0x00070000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
255519e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
255619e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8d900000 'C:\Windows\System32\MMDevApi.dll'
255719e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
255819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
255919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8d900000 'C:\Windows\system32\MMDEVAPI.DLL'
256019e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
256119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
256219e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
256319e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e6c pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
256419e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
256519e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
256619e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0E241BE9D4F52A26C9ED7BD86312051FE44DA417
256719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
256819e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
256919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
257019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
257119e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
257219e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
257319e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
257419e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
257519e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
257619e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'.
257719e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'.
257819e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'.
257919e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
258019e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
258119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
258219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
258319e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
258419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
258519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
258619e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
258719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
258819e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
258919e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
259019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
259119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
259219e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
259319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
259419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
259519e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
259619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
259719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
259819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
259919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
260019e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
260119e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
260219e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
260319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
260419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
260519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
260619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
260719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
260819e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
260919e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
261019e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
261119e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff8b270000 LB 0x00008000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
261219e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
261319e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff8d870000 LB 0x0000b000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
261419e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
261519e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff80120000 LB 0x00042000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
261619e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
261719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff80120000 'C:\Windows\system32\wdmaud.drv'
261819e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
261919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
262019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff80120000 'C:\Windows\system32\wdmaud.drv'
262119e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
262219e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
262319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff80120000 'C:\Windows\system32\wdmaud.drv'
262419e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
262519e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
262619e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff80120000 'C:\Windows\system32\wdmaud.drv'
262719e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
262819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
262919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff80120000 'C:\Windows\system32\wdmaud.drv'
263019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
263119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
263219e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
263319e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
263419e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
263519e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'.
263619e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
263719e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
263819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
263919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
264019e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
264119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
264219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
264319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
264419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
264519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
264619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
264719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
264819e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
264919e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
265019e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'.
265119e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
265219e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
265319e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
265419e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff8c360000 LB 0x00136000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
265519e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
265619e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff7eb50000 LB 0x00088000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
265719e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
265819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff7eb50000 'C:\Windows\system32\AUDIOSES.DLL'
265919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
266019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
266119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
266219e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
266319e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
266419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
266519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
266619e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
266719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
266819e8.2bdc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
266919e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
267019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
267119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff80120000 'C:\Windows\system32\wdmaud.drv'
267219e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
267319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
267419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff80120000 'C:\Windows\system32\wdmaud.drv'
267519e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff80120000 'C:\Windows\system32\wdmaud.drv'
267619e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff80120000 'C:\Windows\system32\wdmaud.drv'
267719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff80120000 'C:\Windows\system32\wdmaud.drv'
267819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff80120000 'C:\Windows\system32\wdmaud.drv'
267919e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a2c pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
268019e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
268119e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
268219e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7E2C15A147F336A77E08F63DA2B7DC249BAC5291
268319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
268419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
268519e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
268619e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
268719e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
268819e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
268919e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
269019e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
269119e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
269219e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
269319e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
269419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
269519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
269619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
269719e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
269819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
269919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
270019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
270119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
270219e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
270319e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
270419e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
270519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
270619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
270719e8.2bdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
270819e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
270919e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
271019e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
271119e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
271219e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
271319e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
271419e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
271519e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff810a0000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
271619e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
271719e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff8a270000 LB 0x0000c000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
271819e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
271919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a270000 'C:\Windows\system32\msacm32.drv'
272019e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
272119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
272219e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a270000 'C:\Windows\system32\msacm32.drv'
272319e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
272419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
272519e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a270000 'C:\Windows\system32\msacm32.drv'
272619e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
272719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
272819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a270000 'C:\Windows\system32\msacm32.drv'
272919e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
273019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
273119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a270000 'C:\Windows\system32\msacm32.drv'
273219e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
273319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
273419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a270000 'C:\Windows\system32\msacm32.drv'
273519e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
273619e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
273719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a270000 'C:\Windows\system32\msacm32.drv'
273819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a270000 'C:\Windows\system32\msacm32.drv'
273919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a270000 'C:\Windows\system32\msacm32.drv'
274019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a270000 'C:\Windows\system32\msacm32.drv'
274119e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eb4 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
274219e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001328f70
274319e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001328f70
274419e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92C5FAE1499C6920F25025123B65102443C15281
274519e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
274619e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff91280000 'C:\Windows\system32\crypt32.dll'
274719e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
274819e8.2bdc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
274919e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
275019e8.2bdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
275119e8.2bdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
275219e8.2bdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
275319e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
275419e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
275519e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
275619e8.2bdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
275719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
275819e8.2bdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
275919e8.2bdc: supR3HardenedDllNotificationCallback: load 00007fff8a090000 LB 0x0000a000 C:\Windows\system32\midimap.dll [fFlags=0x0]
276019e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
276119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a090000 'C:\Windows\system32\midimap.dll'
276219e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
276319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
276419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a090000 'C:\Windows\system32\midimap.dll'
276519e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
276619e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
276719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a090000 'C:\Windows\system32\midimap.dll'
276819e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
276919e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
277019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8a090000 'C:\Windows\system32\midimap.dll'
277119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
277219e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
277319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
277419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
277519e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
277619e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
277719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
277819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
277919e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
278019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
278119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff7dc10000 'C:\Windows\system32\dsound.dll'
278219e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
278319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
278419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
278519e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
278619e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
278719e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff7dc10000 'C:\Windows\system32\dsound.dll'
278819e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8ebf0000 'C:\Windows\system32\winmm.dll'
278919e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
279019e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
279119e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6fc10000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
279219e8.2bdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
279319e8.2bdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
279419e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff93170000 'C:\Windows\system32\kernel32.dll'
279519e8.2bdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff90770000 'C:\Windows\system32\rsaenh.dll'
27961630.2124: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 6059 ms, the end);
27972ad8.57c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 6474 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy