VirtualBox

Ticket #15900: VBoxHardening.log

File VBoxHardening.log, 342.9 KB (added by CM7, 8 years ago)
Line 
11c08.1510: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0295a00
21c08.1510: \SystemRoot\System32\ntdll.dll:
31c08.1510: CreationTime: 2016-09-01T04:00:00.972765800Z
41c08.1510: LastWriteTime: 2016-09-01T04:00:00.972765800Z
51c08.1510: ChangeTime: 2016-09-01T04:00:58.207246400Z
61c08.1510: FileAttributes: 0x20
71c08.1510: Size: 0x1bc248
81c08.1510: NT Headers: 0xe0
91c08.1510: Timestamp: 0x571af2eb
101c08.1510: Machine: 0x8664 - amd64
111c08.1510: Timestamp: 0x571af2eb
121c08.1510: Image Version: 10.0
131c08.1510: SizeOfImage: 0x1c1000 (1839104)
141c08.1510: Resource Dir: 0x159000 LB 0x66218
151c08.1510: ProductName: Microsoft® Windows® Operating System
161c08.1510: ProductVersion: 10.0.10586.306
171c08.1510: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
181c08.1510: FileDescription: NT Layer DLL
191c08.1510: \SystemRoot\System32\kernel32.dll:
201c08.1510: CreationTime: 2015-10-30T07:17:46.221743200Z
211c08.1510: LastWriteTime: 2015-10-30T07:17:46.221743200Z
221c08.1510: ChangeTime: 2016-09-01T03:52:15.331254500Z
231c08.1510: FileAttributes: 0x20
241c08.1510: Size: 0xac430
251c08.1510: NT Headers: 0xf0
261c08.1510: Timestamp: 0x5632d5aa
271c08.1510: Machine: 0x8664 - amd64
281c08.1510: Timestamp: 0x5632d5aa
291c08.1510: Image Version: 10.0
301c08.1510: SizeOfImage: 0xad000 (708608)
311c08.1510: Resource Dir: 0xab000 LB 0x528
321c08.1510: ProductName: Microsoft® Windows® Operating System
331c08.1510: ProductVersion: 10.0.10586.0
341c08.1510: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
351c08.1510: FileDescription: Windows NT BASE API Client DLL
361c08.1510: \SystemRoot\System32\KernelBase.dll:
371c08.1510: CreationTime: 2016-09-01T04:00:00.972765800Z
381c08.1510: LastWriteTime: 2016-09-01T04:00:00.972765800Z
391c08.1510: ChangeTime: 2016-09-01T00:03:57.005872500Z
401c08.1510: FileAttributes: 0x20
411c08.1510: Size: 0x1e7a10
421c08.1510: NT Headers: 0xf0
431c08.1510: Timestamp: 0x5775e4c5
441c08.1510: Machine: 0x8664 - amd64
451c08.1510: Timestamp: 0x5775e4c5
461c08.1510: Image Version: 10.0
471c08.1510: SizeOfImage: 0x1e8000 (1998848)
481c08.1510: Resource Dir: 0x1d1000 LB 0x548
491c08.1510: ProductName: Microsoft® Windows® Operating System
501c08.1510: ProductVersion: 10.0.10586.494
511c08.1510: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736)
521c08.1510: FileDescription: Windows NT BASE API Client DLL
531c08.1510: \SystemRoot\System32\apisetschema.dll:
541c08.1510: CreationTime: 2015-10-30T07:17:57.502957900Z
551c08.1510: LastWriteTime: 2015-10-30T07:17:57.502957900Z
561c08.1510: ChangeTime: 2016-09-01T03:52:14.440627500Z
571c08.1510: FileAttributes: 0x20
581c08.1510: Size: 0x16d60
591c08.1510: NT Headers: 0xc8
601c08.1510: Timestamp: 0x5632d94c
611c08.1510: Machine: 0x8664 - amd64
621c08.1510: Timestamp: 0x5632d94c
631c08.1510: Image Version: 10.0
641c08.1510: SizeOfImage: 0x18000 (98304)
651c08.1510: Resource Dir: 0x17000 LB 0x400
661c08.1510: ProductName: Microsoft® Windows® Operating System
671c08.1510: ProductVersion: 10.0.10586.0
681c08.1510: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
691c08.1510: FileDescription: ApiSet Schema DLL
701c08.1510: NtOpenDirectoryObject failed on \Driver: 0xc0000022
711c08.1510: supR3HardenedWinFindAdversaries: 0x0
721c08.1510: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
731c08.1510: Calling main()
741c08.1510: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
751c08.1510: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
761c08.1510: SUPR3HardenedMain: Respawn #1
771c08.1510: System32: \Device\HarddiskVolume2\Windows\System32
781c08.1510: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
791c08.1510: KnownDllPath: C:\WINDOWS\system32
801c08.1510: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
811c08.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
821c08.1510: supR3HardNtEnableThreadCreation:
831c08.1510: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffce8ad6d50 pvNtTerminateThread=00007ffce8b05b30
841c08.1510: supR3HardenedWinDoReSpawn(1): New child f8c.84c [kernel32].
851c08.1510: supR3HardNtChildGatherData: PebBaseAddress=000000000118b000 cbPeb=0x388
861c08.1510: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffce8a60000 uNtDllChildAddr=00007ffce8a60000
871c08.1510: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffce8ad6d50
881c08.1510: supR3HardenedWinSetupChildInit: Start child.
891c08.1510: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
901c08.1510: supR3HardNtChildPurify: Startup delay kludge #1/0: 262 ms, 30 sleeps
911c08.1510: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
921c08.1510: *0000000000000000-ffffffffff0effff 0x0001/0x0000 0x0000000
931c08.1510: *0000000000f10000-0000000000eeffff 0x0004/0x0004 0x0020000
941c08.1510: *0000000000f30000-0000000000f1afff 0x0002/0x0002 0x0040000
951c08.1510: 0000000000f45000-0000000000f39fff 0x0001/0x0000 0x0000000
961c08.1510: *0000000000f50000-0000000000f4bfff 0x0002/0x0002 0x0040000
971c08.1510: 0000000000f54000-0000000000f47fff 0x0001/0x0000 0x0000000
981c08.1510: *0000000000f60000-0000000000f5dfff 0x0004/0x0004 0x0020000
991c08.1510: 0000000000f62000-0000000000ec3fff 0x0001/0x0000 0x0000000
1001c08.1510: *0000000001000000-0000000000e74fff 0x0000/0x0004 0x0020000
1011c08.1510: 000000000118b000-0000000001187fff 0x0004/0x0004 0x0020000
1021c08.1510: 000000000118e000-000000000111bfff 0x0000/0x0004 0x0020000
1031c08.1510: *0000000001200000-0000000001104fff 0x0000/0x0004 0x0020000
1041c08.1510: 00000000012fb000-00000000012f7fff 0x0104/0x0004 0x0020000
1051c08.1510: 00000000012fe000-00000000012fbfff 0x0004/0x0004 0x0020000
1061c08.1510: 0000000001300000-ffffffff8261ffff 0x0001/0x0000 0x0000000
1071c08.1510: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1081c08.1510: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1091c08.1510: 000000007fff0000-ffff800911feffff 0x0001/0x0000 0x0000000
1101c08.1510: *00007ff7edff0000-00007ff7edfccfff 0x0002/0x0002 0x0040000
1111c08.1510: 00007ff7ee013000-00007ff7ede35fff 0x0001/0x0000 0x0000000
1121c08.1510: *00007ff7ee1f0000-00007ff7ee1f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1131c08.1510: 00007ff7ee1f1000-00007ff7ee25ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1141c08.1510: 00007ff7ee260000-00007ff7ee260fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1151c08.1510: 00007ff7ee261000-00007ff7ee2a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1161c08.1510: 00007ff7ee2a6000-00007ff7ee2a6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1171c08.1510: 00007ff7ee2a7000-00007ff7ee2a7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1181c08.1510: 00007ff7ee2a8000-00007ff7ee2acfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1191c08.1510: 00007ff7ee2ad000-00007ff7ee2adfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1201c08.1510: 00007ff7ee2ae000-00007ff7ee2aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1211c08.1510: 00007ff7ee2af000-00007ff7ee2b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1221c08.1510: 00007ff7ee2b3000-00007ff7ee2fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1231c08.1510: 00007ff7ee2fb000-00007ff2f3b95fff 0x0001/0x0000 0x0000000
1241c08.1510: *00007ffce8a60000-00007ffce8a60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1251c08.1510: 00007ffce8a61000-00007ffce8b5dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1261c08.1510: 00007ffce8b5e000-00007ffce8b9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1271c08.1510: 00007ffce8b9f000-00007ffce8ba7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1281c08.1510: 00007ffce8ba8000-00007ffce8bb4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1291c08.1510: 00007ffce8bb5000-00007ffce8bb5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1301c08.1510: 00007ffce8bb6000-00007ffce8bb8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1311c08.1510: 00007ffce8bb9000-00007ffce8c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1321c08.1510: 00007ffce8c21000-00007ff9d1861fff 0x0001/0x0000 0x0000000
1331c08.1510: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
1341c08.1510: VirtualBox.exe: timestamp 0x57b358f8 (rc=VINF_SUCCESS)
1351c08.1510: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1361c08.1510: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1371c08.1510: supR3HardNtChildPurify: Done after 327 ms and 0 fixes (loop #0).
1381c08.1510: supR3HardNtEnableThreadCreation:
139f8c.84c: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
140f8c.84c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffce8a60000 g_uNtVerCombined=0xa0295a00
141f8c.84c: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
142f8c.84c: New simple heap: #1 0000000001400000 LB 0x400000 (for 1839104 allocation)
143f8c.84c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
144f8c.84c: System32: \Device\HarddiskVolume2\Windows\System32
145f8c.84c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
146f8c.84c: KnownDllPath: C:\WINDOWS\system32
147f8c.84c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
148f8c.84c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
149f8c.84c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
150f8c.84c: Registered Dll notification callback with NTDLL.
151f8c.84c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
152f8c.84c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
153f8c.84c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
154f8c.84c: supR3HardenedDllNotificationCallback: load 00007ffce5b90000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
155f8c.84c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
156f8c.84c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
157f8c.84c: supR3HardenedDllNotificationCallback: load 00007ffce7a90000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
158f8c.84c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
159f8c.84c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce7a90000 'C:\WINDOWS\system32\KERNEL32.DLL'
160f8c.84c: supR3HardenedDllNotificationCallback: load 00007ff7ee1f0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
161f8c.84c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
162f8c.84c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
163f8c.84c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
164f8c.84c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffce8ad6d50 pvNtTerminateThread=00007ffce8b05b30
1651c08.1510: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 151 ms.
166f8c.84c: \SystemRoot\System32\ntdll.dll:
167f8c.84c: CreationTime: 2016-09-01T04:00:00.972765800Z
168f8c.84c: LastWriteTime: 2016-09-01T04:00:00.972765800Z
169f8c.84c: ChangeTime: 2016-09-01T04:00:58.207246400Z
170f8c.84c: FileAttributes: 0x20
171f8c.84c: Size: 0x1bc248
172f8c.84c: NT Headers: 0xe0
173f8c.84c: Timestamp: 0x571af2eb
174f8c.84c: Machine: 0x8664 - amd64
175f8c.84c: Timestamp: 0x571af2eb
176f8c.84c: Image Version: 10.0
177f8c.84c: SizeOfImage: 0x1c1000 (1839104)
178f8c.84c: Resource Dir: 0x159000 LB 0x66218
179f8c.84c: ProductName: Microsoft® Windows® Operating System
180f8c.84c: ProductVersion: 10.0.10586.306
181f8c.84c: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
182f8c.84c: FileDescription: NT Layer DLL
183f8c.84c: \SystemRoot\System32\kernel32.dll:
184f8c.84c: CreationTime: 2015-10-30T07:17:46.221743200Z
185f8c.84c: LastWriteTime: 2015-10-30T07:17:46.221743200Z
186f8c.84c: ChangeTime: 2016-09-01T03:52:15.331254500Z
187f8c.84c: FileAttributes: 0x20
188f8c.84c: Size: 0xac430
189f8c.84c: NT Headers: 0xf0
190f8c.84c: Timestamp: 0x5632d5aa
191f8c.84c: Machine: 0x8664 - amd64
192f8c.84c: Timestamp: 0x5632d5aa
193f8c.84c: Image Version: 10.0
194f8c.84c: SizeOfImage: 0xad000 (708608)
195f8c.84c: Resource Dir: 0xab000 LB 0x528
196f8c.84c: ProductName: Microsoft® Windows® Operating System
197f8c.84c: ProductVersion: 10.0.10586.0
198f8c.84c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
199f8c.84c: FileDescription: Windows NT BASE API Client DLL
200f8c.84c: \SystemRoot\System32\KernelBase.dll:
201f8c.84c: CreationTime: 2016-09-01T04:00:00.972765800Z
202f8c.84c: LastWriteTime: 2016-09-01T04:00:00.972765800Z
203f8c.84c: ChangeTime: 2016-09-01T00:03:57.005872500Z
204f8c.84c: FileAttributes: 0x20
205f8c.84c: Size: 0x1e7a10
206f8c.84c: NT Headers: 0xf0
207f8c.84c: Timestamp: 0x5775e4c5
208f8c.84c: Machine: 0x8664 - amd64
209f8c.84c: Timestamp: 0x5775e4c5
210f8c.84c: Image Version: 10.0
211f8c.84c: SizeOfImage: 0x1e8000 (1998848)
212f8c.84c: Resource Dir: 0x1d1000 LB 0x548
213f8c.84c: ProductName: Microsoft® Windows® Operating System
214f8c.84c: ProductVersion: 10.0.10586.494
215f8c.84c: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736)
216f8c.84c: FileDescription: Windows NT BASE API Client DLL
217f8c.84c: \SystemRoot\System32\apisetschema.dll:
218f8c.84c: CreationTime: 2015-10-30T07:17:57.502957900Z
219f8c.84c: LastWriteTime: 2015-10-30T07:17:57.502957900Z
220f8c.84c: ChangeTime: 2016-09-01T03:52:14.440627500Z
221f8c.84c: FileAttributes: 0x20
222f8c.84c: Size: 0x16d60
223f8c.84c: NT Headers: 0xc8
224f8c.84c: Timestamp: 0x5632d94c
225f8c.84c: Machine: 0x8664 - amd64
226f8c.84c: Timestamp: 0x5632d94c
227f8c.84c: Image Version: 10.0
228f8c.84c: SizeOfImage: 0x18000 (98304)
229f8c.84c: Resource Dir: 0x17000 LB 0x400
230f8c.84c: ProductName: Microsoft® Windows® Operating System
231f8c.84c: ProductVersion: 10.0.10586.0
232f8c.84c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
233f8c.84c: FileDescription: ApiSet Schema DLL
234f8c.84c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
235f8c.84c: supR3HardenedWinFindAdversaries: 0x0
236f8c.84c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
237f8c.84c: Calling main()
238f8c.84c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
239f8c.84c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
240f8c.84c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
241f8c.84c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
242f8c.84c: SUPR3HardenedMain: Respawn #2
243f8c.84c: supR3HardNtEnableThreadCreation:
244f8c.84c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffce8ad6d50 pvNtTerminateThread=00007ffce8b05b30
245f8c.84c: supR3HardenedWinDoReSpawn(2): New child 1f94.1b3c [kernel32].
246f8c.84c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
247f8c.84c: supR3HardNtChildGatherData: PebBaseAddress=0000000000743000 cbPeb=0x388
248f8c.84c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffce8a60000 uNtDllChildAddr=00007ffce8a60000
249f8c.84c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffce8ad6d50
250f8c.84c: supR3HardenedWinSetupChildInit: Start child.
251f8c.84c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
252f8c.84c: supR3HardNtChildPurify: Startup delay kludge #1/0: 262 ms, 30 sleeps
253f8c.84c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
254f8c.84c: *0000000000000000-ffffffffffa8ffff 0x0001/0x0000 0x0000000
255f8c.84c: *0000000000570000-000000000054ffff 0x0004/0x0004 0x0020000
256f8c.84c: *0000000000590000-000000000057afff 0x0002/0x0002 0x0040000
257f8c.84c: 00000000005a5000-0000000000599fff 0x0001/0x0000 0x0000000
258f8c.84c: *00000000005b0000-00000000005abfff 0x0002/0x0002 0x0040000
259f8c.84c: 00000000005b4000-00000000005a7fff 0x0001/0x0000 0x0000000
260f8c.84c: *00000000005c0000-00000000005bdfff 0x0004/0x0004 0x0020000
261f8c.84c: 00000000005c2000-0000000000583fff 0x0001/0x0000 0x0000000
262f8c.84c: *0000000000600000-00000000004bcfff 0x0000/0x0004 0x0020000
263f8c.84c: 0000000000743000-000000000073ffff 0x0004/0x0004 0x0020000
264f8c.84c: 0000000000746000-000000000068bfff 0x0000/0x0004 0x0020000
265f8c.84c: *0000000000800000-0000000000704fff 0x0000/0x0004 0x0020000
266f8c.84c: 00000000008fb000-00000000008f7fff 0x0104/0x0004 0x0020000
267f8c.84c: 00000000008fe000-00000000008fbfff 0x0004/0x0004 0x0020000
268f8c.84c: 0000000000900000-ffffffff8121ffff 0x0001/0x0000 0x0000000
269f8c.84c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
270f8c.84c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
271f8c.84c: 000000007fff0000-ffff8009126bffff 0x0001/0x0000 0x0000000
272f8c.84c: *00007ff7ed920000-00007ff7ed8fcfff 0x0002/0x0002 0x0040000
273f8c.84c: 00007ff7ed943000-00007ff7ed095fff 0x0001/0x0000 0x0000000
274f8c.84c: *00007ff7ee1f0000-00007ff7ee1f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
275f8c.84c: 00007ff7ee1f1000-00007ff7ee25ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
276f8c.84c: 00007ff7ee260000-00007ff7ee260fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
277f8c.84c: 00007ff7ee261000-00007ff7ee2a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
278f8c.84c: 00007ff7ee2a6000-00007ff7ee2a6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
279f8c.84c: 00007ff7ee2a7000-00007ff7ee2a7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
280f8c.84c: 00007ff7ee2a8000-00007ff7ee2acfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
281f8c.84c: 00007ff7ee2ad000-00007ff7ee2adfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
282f8c.84c: 00007ff7ee2ae000-00007ff7ee2aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
283f8c.84c: 00007ff7ee2af000-00007ff7ee2b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
284f8c.84c: 00007ff7ee2b3000-00007ff7ee2fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
285f8c.84c: 00007ff7ee2fb000-00007ff2f3b95fff 0x0001/0x0000 0x0000000
286f8c.84c: *00007ffce8a60000-00007ffce8a60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
287f8c.84c: 00007ffce8a61000-00007ffce8b5dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
288f8c.84c: 00007ffce8b5e000-00007ffce8b9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
289f8c.84c: 00007ffce8b9f000-00007ffce8ba7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
290f8c.84c: 00007ffce8ba8000-00007ffce8bb4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
291f8c.84c: 00007ffce8bb5000-00007ffce8bb5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
292f8c.84c: 00007ffce8bb6000-00007ffce8bb8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
293f8c.84c: 00007ffce8bb9000-00007ffce8c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
294f8c.84c: 00007ffce8c21000-00007ff9d1861fff 0x0001/0x0000 0x0000000
295f8c.84c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
296f8c.84c: VirtualBox.exe: timestamp 0x57b358f8 (rc=VINF_SUCCESS)
297f8c.84c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
298f8c.84c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
299f8c.84c: supR3HardNtChildPurify: Done after 327 ms and 0 fixes (loop #0).
3001f94.1b3c: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
3011f94.1b3c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffce8a60000 g_uNtVerCombined=0xa0295a00
3021f94.1b3c: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
3031f94.1b3c: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1839104 allocation)
304f8c.84c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001400000 LB 0x400000)
305f8c.84c: supR3HardNtEnableThreadCreation:
3061f94.1b3c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3071f94.1b3c: System32: \Device\HarddiskVolume2\Windows\System32
3081f94.1b3c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
3091f94.1b3c: KnownDllPath: C:\WINDOWS\system32
3101f94.1b3c: supR3HardenedVmProcessInit: Opening vboxdrv...
3111f94.1b3c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3121f94.1b3c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3131f94.1b3c: Registered Dll notification callback with NTDLL.
3141f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3151f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3161f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
3171f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce5b90000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
3181f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3191f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3201f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce7a90000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
3211f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3221f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce7a90000 'C:\WINDOWS\system32\KERNEL32.DLL'
3231f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ff7ee1f0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3241f94.1b3c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3251f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3261f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3271f94.1b3c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffce8ad6d50 pvNtTerminateThread=00007ffce8b05b30
328f8c.84c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 163 ms.
3291f94.1b3c: \SystemRoot\System32\ntdll.dll:
3301f94.1b3c: CreationTime: 2016-09-01T04:00:00.972765800Z
3311f94.1b3c: LastWriteTime: 2016-09-01T04:00:00.972765800Z
3321f94.1b3c: ChangeTime: 2016-09-01T04:00:58.207246400Z
3331f94.1b3c: FileAttributes: 0x20
3341f94.1b3c: Size: 0x1bc248
3351f94.1b3c: NT Headers: 0xe0
3361f94.1b3c: Timestamp: 0x571af2eb
3371f94.1b3c: Machine: 0x8664 - amd64
3381f94.1b3c: Timestamp: 0x571af2eb
3391f94.1b3c: Image Version: 10.0
3401f94.1b3c: SizeOfImage: 0x1c1000 (1839104)
3411f94.1b3c: Resource Dir: 0x159000 LB 0x66218
3421f94.1b3c: ProductName: Microsoft® Windows® Operating System
3431f94.1b3c: ProductVersion: 10.0.10586.306
3441f94.1b3c: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
3451f94.1b3c: FileDescription: NT Layer DLL
3461f94.1b3c: \SystemRoot\System32\kernel32.dll:
3471f94.1b3c: CreationTime: 2015-10-30T07:17:46.221743200Z
3481f94.1b3c: LastWriteTime: 2015-10-30T07:17:46.221743200Z
3491f94.1b3c: ChangeTime: 2016-09-01T03:52:15.331254500Z
3501f94.1b3c: FileAttributes: 0x20
3511f94.1b3c: Size: 0xac430
3521f94.1b3c: NT Headers: 0xf0
3531f94.1b3c: Timestamp: 0x5632d5aa
3541f94.1b3c: Machine: 0x8664 - amd64
3551f94.1b3c: Timestamp: 0x5632d5aa
3561f94.1b3c: Image Version: 10.0
3571f94.1b3c: SizeOfImage: 0xad000 (708608)
3581f94.1b3c: Resource Dir: 0xab000 LB 0x528
3591f94.1b3c: ProductName: Microsoft® Windows® Operating System
3601f94.1b3c: ProductVersion: 10.0.10586.0
3611f94.1b3c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
3621f94.1b3c: FileDescription: Windows NT BASE API Client DLL
3631f94.1b3c: \SystemRoot\System32\KernelBase.dll:
3641f94.1b3c: CreationTime: 2016-09-01T04:00:00.972765800Z
3651f94.1b3c: LastWriteTime: 2016-09-01T04:00:00.972765800Z
3661f94.1b3c: ChangeTime: 2016-09-01T00:03:57.005872500Z
3671f94.1b3c: FileAttributes: 0x20
3681f94.1b3c: Size: 0x1e7a10
3691f94.1b3c: NT Headers: 0xf0
3701f94.1b3c: Timestamp: 0x5775e4c5
3711f94.1b3c: Machine: 0x8664 - amd64
3721f94.1b3c: Timestamp: 0x5775e4c5
3731f94.1b3c: Image Version: 10.0
3741f94.1b3c: SizeOfImage: 0x1e8000 (1998848)
3751f94.1b3c: Resource Dir: 0x1d1000 LB 0x548
3761f94.1b3c: ProductName: Microsoft® Windows® Operating System
3771f94.1b3c: ProductVersion: 10.0.10586.494
3781f94.1b3c: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736)
3791f94.1b3c: FileDescription: Windows NT BASE API Client DLL
3801f94.1b3c: \SystemRoot\System32\apisetschema.dll:
3811f94.1b3c: CreationTime: 2015-10-30T07:17:57.502957900Z
3821f94.1b3c: LastWriteTime: 2015-10-30T07:17:57.502957900Z
3831f94.1b3c: ChangeTime: 2016-09-01T03:52:14.440627500Z
3841f94.1b3c: FileAttributes: 0x20
3851f94.1b3c: Size: 0x16d60
3861f94.1b3c: NT Headers: 0xc8
3871f94.1b3c: Timestamp: 0x5632d94c
3881f94.1b3c: Machine: 0x8664 - amd64
3891f94.1b3c: Timestamp: 0x5632d94c
3901f94.1b3c: Image Version: 10.0
3911f94.1b3c: SizeOfImage: 0x18000 (98304)
3921f94.1b3c: Resource Dir: 0x17000 LB 0x400
3931f94.1b3c: ProductName: Microsoft® Windows® Operating System
3941f94.1b3c: ProductVersion: 10.0.10586.0
3951f94.1b3c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
3961f94.1b3c: FileDescription: ApiSet Schema DLL
3971f94.1b3c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3981f94.1b3c: supR3HardenedWinFindAdversaries: 0x0
3991f94.1b3c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4001f94.1b3c: Calling main()
4011f94.1b3c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4021f94.1b3c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4031f94.1b3c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4041f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4051f94.1b3c: SUPR3HardenedMain: Final process, opening VBoxDrv...
4061f94.1b3c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
4071f94.1b3c: supR3HardNtEnableThreadCreation:
4081f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4091f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4101f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4111f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4121f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce1410000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4131f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4141f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4151f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4161f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce1410000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4171f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4181f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4191f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce1410000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4201f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce1410000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4211f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4221f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4231f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4241f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
4251f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
4261f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
4271f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4281f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4291f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4301f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4311f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4321f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4331f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4341f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
4351f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
4361f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
4371f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4381f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4391f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
4401f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
4411f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4421f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4431f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
4441f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
4451f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4461f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4471f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4481f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4491f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4501f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4511f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4521f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce7d70000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
4531f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4541f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce50b0000 LB 0x00010000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
4551f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4561f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce51d0000 LB 0x001c8000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
4571f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4581f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce7e10000 LB 0x0011c000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
4591f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4601f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce5b30000 LB 0x00055000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
4611f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4621f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\WINDOWS\system32\Wintrust.dll'
4631f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
4641f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
4651f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4661f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4671f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce4f90000 LB 0x00029000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
4681f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4691f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4f90000 'C:\WINDOWS\system32\bcrypt.dll'
4701f94.1b3c: bcrypt.dll loaded at 00007ffce4f90000, BCryptOpenAlgorithmProvider at 00007ffce4f93b50, preloading providers:
4711f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
4721f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
4731f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4741f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce53a0000 LB 0x0006a000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
4751f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4761f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce53a0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
4771f94.1b3c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000e99990)
4781f94.1b3c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000e9a050)
4791f94.1b3c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000e9a320)
4801f94.1b3c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000e9a680)
4811f94.1b3c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000e9a9e0)
4821f94.1b3c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000e9b500)
4831f94.1b3c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000e9b810)
4841f94.1b3c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000e9bae0)
4851f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4861f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4871f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
4881f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4891f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4901f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
4911f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4921f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4931f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
4941f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4951f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4961f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
4971f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4981f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4991f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
5001f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5011f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5021f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
5031f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5041f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5051f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
5061f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
5071f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
5081f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce49e0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5091f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5101f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
5111f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
5121f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
5131f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5141f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5151f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5161f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5171f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5181f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce4670000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
5191f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5201f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
5211f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5221f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
5231f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
5241f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce4b00000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5251f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5261f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5271f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5281f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5291f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5301f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5311f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce7a90000 'C:\WINDOWS\system32\kernel32.dll'
5321f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5331f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
5341f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5351f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5361f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\CRYPT32.dll'
5371f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce5ff0000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
5381f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5391f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
5401f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
5411f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5421f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5431f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5441f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5451f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5461f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
5471f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce7f30000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
5481f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
5491f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
5501f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
5511f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5521f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
5531f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
5541f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
5551f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce4060000 LB 0x00024000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
5561f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
5571f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce50d0000 LB 0x00014000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
5581f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
5591f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
5601f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5611f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
5621f94.1b3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
5631f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
5641f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5651f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5661f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5671f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5681f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5691f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5701f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5711f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5721f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5731f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5741f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5751f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5761f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5771f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5781f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5791f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5801f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5811f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcd3050000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
5821f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5831f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5841f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5851f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\WINDOWS\system32\cryptnet.dll'
5861f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5871f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5881f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\WINDOWS\system32\cryptnet.dll'
5891f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5901f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5911f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\WINDOWS\system32\cryptnet.dll'
5921f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5931f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5941f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\WINDOWS\system32\cryptnet.dll'
5951f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5961f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5971f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\WINDOWS\system32\cryptnet.dll'
5981f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5991f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6001f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\WINDOWS\system32\cryptnet.dll'
6011f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6021f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\WINDOWS\system32\cryptnet.dll'
6031f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6041f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\WINDOWS\system32\cryptnet.dll'
6051f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6061f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\WINDOWS\system32\cryptnet.dll'
6071f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6081f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\WINDOWS\system32\cryptnet.dll'
6091f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6101f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\WINDOWS\system32\cryptnet.dll'
6111f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\WINDOWS\system32\cryptnet.dll'
6121f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6131f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\Windows\System32\cryptnet.dll'
6141f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce89b0000 LB 0x000a7000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0]
6151f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6161f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
6171f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
6181f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
6191f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
6201f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6211f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6221f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6231f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6241f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6251f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6261f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6271f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6281f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6291f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6301f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6311f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
6321f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6331f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6341f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
6351f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6361f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f185d0
6371f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
6381f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=056BDD821FDC5EB443883F1928BBEC403ED3FC46
6391f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6401f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6411f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce7e10000 'C:\WINDOWS\system32\rpcrt4.dll'
6421f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6431f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
6441f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6451f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
6461f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6471f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
6481f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6491f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
6501f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6511f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
6521f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6531f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
6541f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6551f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6561f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
6571f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6581f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6591f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
6601f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6611f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6621f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
6631f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1999_for_KB3176493~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\SystemRoot\System32\ntdll.dll'
6641f94.1b3c: g_pfnWinVerifyTrust=00007ffce5b374d0
6651f94.1b3c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6661f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6671f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6681f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
6691f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6701f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6711f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
6721f94.1b3c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
6731f94.1b3c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
6741f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6751f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6761f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
6771f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
6781f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6791f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
6801f94.1b3c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
6811f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6821f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6831f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
6841f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
6851f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
6861f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
6871f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
6881f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
6891f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=357A4685FBBF5E8A1472AE56D4B122532A042630
6901f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6911f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
6921f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
6931f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
6941f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6951f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
6961f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6971f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
6981f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
6991f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
7001f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7011f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7021f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7031f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
7041f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7051f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7061f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7071f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
7081f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7091f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7101f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7111f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
7121f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7131f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7141f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7151f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
7161f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7171f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7181f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7191f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7201f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7211f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
7221f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
7231f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7241f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7251f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7261f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
7271f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7281f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7291f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
7301f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7311f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7321f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
7331f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7341f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7351f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
7361f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7371f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7381f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
7391f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7401f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7411f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
7421f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7431f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
7441f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7451f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
7461f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7471f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7481f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
7491f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
7501f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7511f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
7521f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
7531f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
7541f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
7551f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
7561f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
7571f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
7581f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
7591f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
7601f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
7611f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
7621f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
7631f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x8fe279bdb46fee00 C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certificate Authority
7641f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
7651f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
7661f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
7671f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
7681f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
7691f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
7701f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
7711f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
7721f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
7731f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
7741f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
7751f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
7761f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
7771f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
7781f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
7791f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
7801f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
7811f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
7821f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
7831f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
7841f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
7851f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
7861f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
7871f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
7881f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
7891f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
7901f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
7911f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
7921f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
7931f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
7941f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
7951f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
7961f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
7971f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
7981f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
7991f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
8001f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8011f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
8021f94.1b3c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8031f94.1b3c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=50
8041f94.1b3c: SUPR3HardenedMain: Load Runtime...
8051f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
8061f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8071f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8081f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
8091f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
8101f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8111f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8121f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8131f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8141f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8151f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8161f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8171f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
8181f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
8191f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8201f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
8211f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8221f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8231f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8241f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8251f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8261f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8271f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
8281f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8291f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
8301f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8311f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8321f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8331f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8341f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8351f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8361f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
8371f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
8381f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
8391f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
8401f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8411f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8421f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8431f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8441f94.1b3c: supR3HardenedDllNotificationCallback: load 000000005b130000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
8451f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8461f94.1b3c: supR3HardenedDllNotificationCallback: load 000000005b210000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
8471f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8481f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce7cf0000 LB 0x0006b000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
8491f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8501f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffccdca0000 LB 0x0051f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
8511f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8521f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8531f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
8541f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8551f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8561f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8571f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8581f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8591f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8601f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8611f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8621f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8631f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8641f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8651f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8661f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8671f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8681f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8691f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8701f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8711f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8721f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8731f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8741f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8751f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8761f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8771f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8781f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8791f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8801f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8811f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8821f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8831f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8841f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8851f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8861f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8871f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8881f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8891f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8901f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8911f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8921f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8931f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8941f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8951f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8961f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8971f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8981f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8991f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9001f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9011f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9021f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccdca0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9031f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\WINDOWS\system32\Wintrust.dll'
9041f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
9051f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
9061f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
9071f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
9081f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
9091f94.1b3c: SUPR3HardenedMain: Load TrustedMain...
9101f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9111f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9121f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
9131f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9141f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9151f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
9161f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
9171f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
9181f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
9191f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
9201f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
9211f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
9221f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9231f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
9241f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
9251f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
9261f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
9271f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
9281f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
9291f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
9301f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9311f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9321f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
9331f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
9341f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
9351f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
9361f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
9371f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
9381f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
9391f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
9401f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
9411f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9421f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9431f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
9441f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
9451f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
9461f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
9471f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9481f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9491f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
9501f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
9511f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
9521f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
9531f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
9541f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
9551f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
9561f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9571f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9581f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
9591f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9601f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9611f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
9621f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
9631f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
9641f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
9651f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9661f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9671f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9681f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
9691f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
9701f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9711f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
9721f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
9731f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
9741f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
9751f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9761f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9771f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9781f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9791f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
9801f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
9811f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
9821f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
9831f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9841f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
9851f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'bcryptprimitives.dll'.
9861f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
9871f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
9881f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9891f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9901f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
9911f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
9921f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
9931f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9941f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9951f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9961f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9971f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
9981f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
9991f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10001f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
10011f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10021f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
10031f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
10041f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
10051f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
10061f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
10071f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
10081f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10091f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10101f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10111f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10121f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
10131f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10141f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10151f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10161f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10171f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10181f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10191f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10201f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10211f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10221f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10231f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
10241f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
10251f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10261f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #65 'user32.dll'.
10271f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'gdi32.dll'.
10281f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
10291f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
10301f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10311f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10321f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
10331f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10341f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10351f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
10361f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10371f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10381f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10391f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10401f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10411f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10421f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10431f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10441f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
10451f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
10461f94.1b3c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
10471f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
10481f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
10491f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
10501f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
10511f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
10521f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
10531f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
10541f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
10551f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
10561f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
10571f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
10581f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10591f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10601f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
10611f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
10621f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
10631f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
10641f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10651f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
10661f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
10671f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
10681f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
10691f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
10701f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
10711f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
10721f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
10731f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
10741f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
10751f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
10761f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
10771f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
10781f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
10791f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
10801f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
10811f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
10821f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
10831f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
10841f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
10851f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
10861f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
10871f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
10881f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
10891f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10901f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
10911f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
10921f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
10931f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
10941f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
10951f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
10961f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10971f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10981f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
10991f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11001f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11011f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
11021f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11031f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11041f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11051f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11061f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11071f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
11081f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11091f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11101f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11111f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11121f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11131f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11141f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11151f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11161f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11171f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11181f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11191f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
11201f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11211f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11221f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11231f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11241f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11251f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11261f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11271f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11281f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11291f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
11301f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
11311f94.1b3c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
11321f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11331f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
11341f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
11351f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
11361f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
11371f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
11381f94.1b3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
11391f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
11401f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11411f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11421f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11431f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11441f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11451f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
11461f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
11471f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
11481f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
11491f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
11501f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
11511f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11521f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11531f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
11541f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11551f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11561f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
11571f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11581f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11591f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
11601f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11611f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11621f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
11631f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11641f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11651f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11661f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11671f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11681f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11691f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
11701f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
11711f94.1b3c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
11721f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11731f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
11741f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
11751f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'.
11761f94.1b3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
11771f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
11781f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
11791f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
11801f94.1b3c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
11811f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11821f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
11831f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
11841f94.1b3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
11851f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
11861f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11871f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11881f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11891f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11901f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11911f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
11921f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11931f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11941f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11951f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11961f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
11971f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
11981f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
11991f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12001f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12011f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
12021f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
12031f94.1b3c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
12041f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12051f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
12061f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
12071f94.1b3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
12081f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
12091f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12101f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12111f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12121f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12131f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12141f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12151f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12161f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12171f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12181f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12191f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12201f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12211f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12221f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12231f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
12241f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
12251f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12261f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12271f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
12281f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
12291f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
12301f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
12311f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
12321f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
12331f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
12341f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
12351f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12361f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12371f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
12381f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12391f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12401f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12411f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
12421f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
12431f94.1b3c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
12441f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12451f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
12461f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
12471f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
12481f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
12491f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
12501f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'firewallapi.dll'.
12511f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'netapi32.dll'.
12521f94.1b3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
12531f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
12541f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
12551f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
12561f94.1b3c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
12571f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12581f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
12591f94.1b3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
12601f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
12611f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12621f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12631f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12641f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12651f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12661f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
12671f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12681f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12691f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
12701f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12711f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12721f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12731f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12741f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12751f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12761f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12771f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
12781f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12791f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12801f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
12811f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
12821f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\netapi32.dll'.
12831f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12841f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netapi32.dll)
12851f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netapi32.dll
12861f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'firewallapi.dll'...
12871f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'firewallapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\firewallapi.dll' [rcNtRedir=0xc0150008]
12881f94.1b3c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll'.
12891f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12901f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
12911f94.1b3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll)
12921f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll
12931f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12941f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12951f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
12961f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
12971f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
12981f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
12991f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
13001f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13011f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13021f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
13031f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
13041f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13051f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13061f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13071f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13081f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13091f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
13101f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13111f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
13121f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
13131f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
13141f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
13151f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13161f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13171f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13181f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13191f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13201f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13211f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13221f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13231f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13241f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13251f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13261f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13271f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13281f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13291f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13301f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13311f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13321f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13331f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13341f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13351f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13361f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13371f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13381f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13391f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13401f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
13411f94.1b3c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
13421f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13431f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13441f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
13451f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
13461f94.1b3c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
13471f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13481f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13491f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
13501f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
13511f94.1b3c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
13521f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13531f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13541f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
13551f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
13561f94.1b3c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
13571f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13581f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13591f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13601f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13611f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
13621f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13631f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13641f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
13651f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000414 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
13661f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
13671f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
13681f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A59A12801C3E68C49056D7AF56FE4F31F6CB06E1
13691f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
13701f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
13711f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
13721f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13731f94.1b3c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
13741f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
13751f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
13761f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
13771f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13781f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13791f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
13801f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
13811f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13821f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
13831f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
13841f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
13851f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
13861f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
13871f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
13881f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13891f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13901f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll)
13911f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll
13921f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
13931f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
13941f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13951f94.1b3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\davhlpr.dll)
13961f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\davhlpr.dll
13971f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce6350000 LB 0x00156000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
13981f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
13991f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce5e40000 LB 0x00186000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
14001f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
14011f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce1300000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
14021f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14031f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcd2360000 LB 0x000fa000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
14041f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14051f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce1310000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
14061f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14071f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffccf6f0000 LB 0x00129000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
14081f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14091f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce5180000 LB 0x00043000 C:\WINDOWS\system32\cfgmgr32.dll [fFlags=0x0]
14101f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
14111f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
14121f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce60d0000 LB 0x0027d000 C:\WINDOWS\system32\combase.dll [fFlags=0x0]
14131f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14141f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce6070000 LB 0x00052000 C:\WINDOWS\system32\shlwapi.dll [fFlags=0x0]
14151f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
14161f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce50c0000 LB 0x0000f000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0]
14171f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
14181f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
14191f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
14201f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
14211f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce5d80000 LB 0x000b5000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0]
14221f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14231f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
14241f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
14251f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
14261f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
14271f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce5060000 LB 0x0004b000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0]
14281f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14291f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
14301f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
14311f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
14321f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce5410000 LB 0x00645000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0]
14331f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14341f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
14351f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'combase.dll'.
14361f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'.
14371f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
14381f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
14391f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce6520000 LB 0x0155c000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
14401f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14411f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce8380000 LB 0x00143000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
14421f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14431f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce0790000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
14441f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
14451f94.1b3c: supR3HardenedDllNotificationCallback: load 000000005abd0000 LB 0x00553000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
14461f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14471f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffccce00000 LB 0x005a1000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
14481f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14491f94.1b3c: supR3HardenedDllNotificationCallback: load 000000005a680000 LB 0x0054f000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
14501f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14511f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcdce00000 LB 0x00084000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
14521f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14531f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcdd2e0000 LB 0x000aa000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\COMCTL32.dll [fFlags=0x0]
14541f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll [avoiding WinVerifyTrust]
14551f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce50f0000 LB 0x00086000 C:\WINDOWS\system32\FirewallAPI.dll [fFlags=0x0]
14561f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll [avoiding WinVerifyTrust]
14571f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce5a60000 LB 0x00017000 C:\WINDOWS\system32\NETAPI32.dll [fFlags=0x0]
14581f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
14591f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcdead0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\DAVHLPR.DLL [fFlags=0x0]
14601f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\davhlpr.dll [avoiding WinVerifyTrust]
14611f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce8060000 LB 0x0010b000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
14621f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
14631f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcdfc70000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
14641f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
14651f94.1b3c: supR3HardenedDllNotificationCallback: load 000000005a620000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
14661f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14671f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce7f90000 LB 0x000c1000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
14681f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14691f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcde240000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
14701f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14711f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcde310000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
14721f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
14731f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffccd3b0000 LB 0x008e1000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
14741f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
14751f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
14761f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
14771f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
14781f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
14791f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
14801f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
14811f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
14821f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
14831f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
14841f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
14851f94.1b3c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\davhlpr.dll'.
14861f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\davhlpr.dll' [rescheduled]
14871f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll'.
14881f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll' [rescheduled]
14891f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
14901f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
14911f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
14921f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
14931f94.1b3c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll'.
14941f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll' [rescheduled]
14951f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\netapi32.dll'.
14961f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rescheduled]
14971f94.1b3c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
14981f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
14991f94.1b3c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
15001f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
15011f94.1b3c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
15021f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rescheduled]
15031f94.1b3c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
15041f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
15051f94.1b3c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
15061f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rescheduled]
15071f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
15081f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
15091f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15101f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
15111f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
15121f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
15131f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
15141f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
15151f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15161f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
15171f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
15181f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
15191f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15201f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15211f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
15221f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
15231f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
15241f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15251f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15261f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15271f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15281f94.1b3c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15291f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15301f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15311f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15321f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15331f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15341f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15351f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15361f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15371f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15381f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15391f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15401f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15411f94.1b3c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15421f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15431f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15441f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15451f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15461f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15471f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15481f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15491f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15501f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15511f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15521f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15531f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15541f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15551f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15561f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
15571f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
15581f94.1b3c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
15591f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15601f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15611f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15621f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15631f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce8530000 LB 0x0003b000 C:\WINDOWS\system32\IMM32.DLL [fFlags=0x0]
15641f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
15651f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8530000 'C:\WINDOWS\system32\IMM32.DLL'
15661f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15671f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
15681f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
15691f94.1b3c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15701f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
15711f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15721f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8530000 'C:\WINDOWS\system32\imm32.dll'
15731f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15741f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
15751f94.1b3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\fwbase.dll)
15761f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\fwbase.dll
15771f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce3e10000 LB 0x00032000 C:\WINDOWS\SYSTEM32\fwbase.dll [fFlags=0x0]
15781f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\fwbase.dll [avoiding WinVerifyTrust]
15791f94.1b3c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\fwbase.dll'.
15801f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\fwbase.dll' [rescheduled]
15811f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15821f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15831f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15841f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
15851f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15861f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15871f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15881f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce89b0000 'C:\WINDOWS\system32\ADVAPI32.DLL'
15891f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccd3b0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
15901f94.1b3c: SUPR3HardenedMain: Calling TrustedMain (00007ffccd3b1610)...
15911f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
15921f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15931f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce6520000 'C:\WINDOWS\system32\shell32.dll'
15941f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
15951f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
15961f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
15971f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
15981f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
15991f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
16001f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
16011f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
16021f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
16031f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
16041f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
16051f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
16061f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
16071f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16081f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16091f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16101f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16111f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16121f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16131f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16141f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16151f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16161f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16171f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16181f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16191f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16201f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16211f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
16221f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
16231f94.1b3c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
16241f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16251f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16261f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16271f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16281f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16291f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16301f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16311f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16321f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16331f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16341f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16351f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16361f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
16371f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
16381f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
16391f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
16401f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
16411f94.1b3c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
16421f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16431f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16441f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16451f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16461f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16471f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffccf5c0000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
16481f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16491f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccf5c0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
16501f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000604 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16511f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
16521f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
16531f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4F9BD6CD3F872DBBFCD5F712A95134C3D7F47679
16541f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
16551f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
16561f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
16571f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16581f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16591f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
16601f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
16611f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
16621f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16631f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16641f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16651f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16661f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16671f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16681f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16691f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16701f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16711f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce3d20000 LB 0x00096000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
16721f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16731f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce3d20000 'C:\WINDOWS\system32\uxtheme.dll'
16741f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce6350000 'C:\WINDOWS\system32\user32.dll'
16751f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16761f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16771f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce6520000 'C:\WINDOWS\system32\shell32.dll'
16781f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
16791f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
16801f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
16811f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
16821f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16831f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5d80000 'C:\WINDOWS\system32\SHCore.dll'
16841f94.1b3c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
16851f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16861f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
16871f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16881f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
16891f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
16901f94.1b3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
16911f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16921f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce3330000 LB 0x00022000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
16931f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
16941f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005e4 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16951f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
16961f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
16971f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8900DBF59D51D3F67CECDDA4ED1690DFAAE4945
16981f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16991f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17001f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
17011f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17021f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17031f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17041f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17051f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
17061f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
17071f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Composition-Core-windows-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17081f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17091f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17101f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17111f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17121f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
17131f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17141f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17151f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
17161f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17171f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17181f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce6520000 'C:\WINDOWS\system32\shell32.dll'
17191f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17201f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17211f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce3d20000 'C:\WINDOWS\system32\uxtheme.dll'
17221f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17231f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17241f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce89b0000 'C:\WINDOWS\system32\advapi32.dll'
17251f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
17261f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
17271f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17281f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
17291f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
17301f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
17311f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
17321f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
17331f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
17341f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
17351f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17361f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17371f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17381f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17391f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17401f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
17411f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce47c0000 LB 0x0001f000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
17421f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
17431f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce47c0000 'C:\WINDOWS\system32\userenv.dll'
17441f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
17451f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17461f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce7a90000 'C:\WINDOWS\system32\kernel32.dll'
17471f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce8170000 LB 0x000a7000 C:\WINDOWS\system32\clbcatq.dll [fFlags=0x0]
17481f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17491f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
17501f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
17511f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
17521f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17531f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17541f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17551f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17561f94.168c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
17571f94.168c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
17581f94.168c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
17591f94.168c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
17601f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17611f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
17621f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
17631f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
17641f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
17651f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
17661f94.168c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
17671f94.168c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17681f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17691f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17701f94.168c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17711f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17721f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17731f94.168c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17741f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17751f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17761f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17771f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17781f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17791f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17801f94.168c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17811f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17821f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17831f94.168c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
17841f94.168c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17851f94.168c: supR3HardenedDllNotificationCallback: load 00007ffcc23e0000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
17861f94.168c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17871f94.168c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc23e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
17881f94.168c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
17891f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17901f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17911f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17921f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
17931f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
17941f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
17951f94.168c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17961f94.168c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
17971f94.168c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
17981f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17991f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18001f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18011f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18021f94.168c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18031f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18041f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18051f94.168c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18061f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
18071f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
18081f94.168c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
18091f94.168c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
18101f94.168c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
18111f94.168c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
18121f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18131f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18141f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18151f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18161f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18171f94.168c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18181f94.168c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18191f94.168c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18201f94.168c: supR3HardenedDllNotificationCallback: load 00007ffcdfbb0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
18211f94.168c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18221f94.168c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdfbb0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
18231f94.168c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18241f94.168c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18251f94.168c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce7f90000 'C:\Windows\System32\oleaut32.dll'
18261f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5e40000 'C:\WINDOWS\system32\gdi32.dll'
18271f94.1258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
18281f94.1258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
18291f94.1258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
18301f94.1258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18311f94.1258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
18321f94.1258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
18331f94.1258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
18341f94.1258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18351f94.1258: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18361f94.1258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18371f94.1258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18381f94.1258: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18391f94.1258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
18401f94.1258: supR3HardenedDllNotificationCallback: load 00007ffce0cd0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
18411f94.1258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
18421f94.1258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0cd0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
18431f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce8220000 LB 0x0015a000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
18441f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18451f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
18461f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
18471f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
18481f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
18491f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
18501f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18511f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18521f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18531f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18541f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18551f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18561f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18571f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18581f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18591f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
18601f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
18611f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
18621f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
18631f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009bc pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
18641f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
18651f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
18661f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=75640CA57CB5630DA16BB2F35FAEDB2EAB5C3525
18671f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
18681f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
18691f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
18701f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18711f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18721f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
18731f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
18741f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
18751f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
18761f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
18771f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
18781f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
18791f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
18801f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
18811f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
18821f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18831f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
18841f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
18851f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
18861f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
18871f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18881f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18891f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
18901f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
18911f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18921f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
18931f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
18941f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
18951f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18961f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18971f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
18981f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
18991f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19001f94.1b3c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
19011f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19021f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
19031f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
19041f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
19051f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19061f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19071f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19081f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19091f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19101f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19111f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
19121f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
19131f94.1b3c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
19141f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
19151f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
19161f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
19171f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19181f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19191f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19201f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19211f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19221f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
19231f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19241f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce2fd0000 LB 0x000a2000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
19251f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19261f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce3080000 LB 0x002a8000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
19271f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19281f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffce3710000 LB 0x000e3000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
19291f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
19301f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcdfad0000 LB 0x0004a000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
19311f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19321f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdfad0000 'C:\WINDOWS\system32\dataexchange.dll'
19331f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
19341f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19351f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
19361f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
19371f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
19381f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19391f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
19401f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
19411f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
19421f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
19431f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
19441f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcdf8f0000 LB 0x00100000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
19451f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
19461f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19471f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19481f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
19491f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19501f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19511f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
19521f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
19531f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
19541f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19551f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19561f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
19571f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
19581f94.1b3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
19591f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19601f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19611f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8380000 'C:\WINDOWS\system32\ole32.dll'
19621f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19631f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19641f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce7f90000 'C:\WINDOWS\system32\OLEAUT32.dll'
19651f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a38 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
19661f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
19671f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
19681f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3488B506C76AED41BC3048EF4C38C6A11D8B3CC4
19691f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
19701f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
19711f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
19721f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19731f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19741f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
19751f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
19761f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
19771f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
19781f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
19791f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
19801f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a40 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
19811f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
19821f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
19831f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0F5B8FB82A59EE0D6149941C8198202D2D48FDA
19841f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
19851f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
19861f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
19871f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19881f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19891f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
19901f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
19911f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
19921f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
19931f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19941f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19951f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
19961f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19971f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19981f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19991f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20001f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20011f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
20021f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
20031f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
20041f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20051f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20061f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20071f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20081f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20091f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcdb780000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
20101f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20111f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcde350000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
20121f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20131f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20141f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b90000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
20151f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde350000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
20161f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a44 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20171f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
20181f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
20191f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9CE21DDF09B1BCCF1977CBD665E28F9BA3B97D79
20201f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
20211f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
20221f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
20231f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20241f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20251f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
20261f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
20271f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20281f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20291f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20301f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20311f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20321f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20331f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20341f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcdaaa0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
20351f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20361f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdaaa0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
20371f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20381f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b90000 'api-ms-win-core-localization-l1-2-0.dll'
20391f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20401f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b90000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
20411f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008b8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20421f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
20431f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
20441f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFD9E9630890EA6E6C472D5579966609C56F9EFD
20451f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
20461f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
20471f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
20481f94.1b3c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20491f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20501f94.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20511f94.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
20521f94.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20531f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20541f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
20551f94.1b3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20561f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20571f94.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20581f94.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20591f94.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20601f94.1b3c: supR3HardenedDllNotificationCallback: load 00007ffcdaaf0000 LB 0x000f6000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
20611f94.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20621f94.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdaaf0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
20631f94.17e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
20641f94.17e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
20651f94.17e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20661f94.17e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20671f94.17e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20681f94.17e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20691f94.17e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
20701f94.17e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll) WinVerifyTrust
20711f94.17e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
20721f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20731f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20741f94.17e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20751f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20761f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20771f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20781f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20791f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20801f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20811f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20821f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20831f94.17e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20841f94.17e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
20851f94.17e4: supR3HardenedDllNotificationCallback: load 00007ffcc6dd0000 LB 0x00128000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL [fFlags=0x0]
20861f94.17e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
20871f94.17e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc6dd0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL'
20881f94.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
20891f94.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
20901f94.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
20911f94.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
20921f94.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
20931f94.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
20941f94.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20951f94.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20961f94.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20971f94.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20981f94.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20991f94.e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21001f94.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
21011f94.e30: supR3HardenedDllNotificationCallback: load 00007ffce4930000 LB 0x0005c000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
21021f94.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
21031f94.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4930000 'C:\WINDOWS\system32\mswsock.dll'
21041f94.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
21051f94.e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21061f94.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4930000 'C:\WINDOWS\system32\mswsock.dll'
21071f94.17e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
21081f94.17e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21091f94.17e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
21101f94.17e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21111f94.17e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
21121f94.17e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21131f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21141f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21151f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
21161f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
21171f94.17e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
21181f94.17e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
21191f94.17e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21201f94.17e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
21211f94.17e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
21221f94.17e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21231f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21241f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21251f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21261f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21271f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
21281f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
21291f94.17e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21301f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21311f94.17e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21321f94.17e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21331f94.17e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21341f94.17e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21351f94.17e4: supR3HardenedDllNotificationCallback: load 000000005a510000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
21361f94.17e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21371f94.17e4: supR3HardenedDllNotificationCallback: load 00007ffcd3280000 LB 0x00299000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
21381f94.17e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21391f94.17e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3280000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
21401f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
21411f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab8 pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
21421f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
21431f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
21441f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F5AA7DDBA30AE24B0F6C58D09C880A3721404CA
21451f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
21461f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
21471f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1613_for_KB3176493~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
21481f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21491f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21501f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
21511f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'oleaut32.dll'.
21521f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'ws2_32.dll'.
21531f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'netsetupapi.dll'.
21541f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'setupapi.dll'.
21551f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
21561f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
21571f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
21581f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
21591f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
21601f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
21611f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
21621f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
21631f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
21641f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
21651f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
21661f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
21671f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
21681f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21691f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21701f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21711f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21721f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
21731f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
21741f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
21751f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
21761f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
21771f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21781f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
21791f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
21801f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
21811f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21821f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21831f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21841f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21851f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21861f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21871f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21881f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21891f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21901f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21911f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21921f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21931f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21941f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21951f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21961f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
21971f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
21981f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffce2f70000 LB 0x0001f000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
21991f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
22001f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffce8580000 LB 0x00429000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
22011f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
22021f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcd8ed0000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
22031f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
22041f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8ed0000 'C:\Windows\System32\NetSetupShim.dll'
22051f94.5dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
22061f94.5dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22071f94.5dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22081f94.5dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22091f94.5dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22101f94.5dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
22111f94.5dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22121f94.5dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22131f94.5dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22141f94.5dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22151f94.5dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22161f94.5dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22171f94.5dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22181f94.5dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22191f94.5dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22201f94.5dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22211f94.5dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22221f94.5dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22231f94.5dc: supR3HardenedDllNotificationCallback: load 00007ffce0dc0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
22241f94.5dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22251f94.5dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0dc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
22261f94.5dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce6350000 'C:\WINDOWS\system32\User32.dll'
22271f94.1918: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
22281f94.1918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22291f94.1918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22301f94.1918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22311f94.1918: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
22321f94.1918: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22331f94.1918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22341f94.1918: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22351f94.1918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22361f94.1918: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22371f94.1918: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22381f94.1918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22391f94.1918: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22401f94.1918: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
22411f94.1918: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22421f94.1918: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22431f94.1918: supR3HardenedDllNotificationCallback: load 00007ffce0db0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
22441f94.1918: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22451f94.1918: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0db0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
22461f94.1268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
22471f94.1268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22481f94.1268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22491f94.1268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22501f94.1268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
22511f94.1268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22521f94.1268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22531f94.1268: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22541f94.1268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22551f94.1268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22561f94.1268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22571f94.1268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22581f94.1268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22591f94.1268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22601f94.1268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22611f94.1268: supR3HardenedDllNotificationCallback: load 00007ffce0da0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
22621f94.1268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22631f94.1268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0da0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
22641f94.774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
22651f94.774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22661f94.774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22671f94.774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22681f94.774: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
22691f94.774: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22701f94.774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22711f94.774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22721f94.774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22731f94.774: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22741f94.774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22751f94.774: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22761f94.774: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22771f94.774: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22781f94.774: supR3HardenedDllNotificationCallback: load 00007ffce0720000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
22791f94.774: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22801f94.774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0720000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
22811f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce6520000 'C:\WINDOWS\system32\Shell32.dll'
22821f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22831f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22841f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3280000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
22851f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
22861f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22871f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22881f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22891f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
22901f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
22911f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
22921f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
22931f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22941f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22951f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22961f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22971f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22981f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22991f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23001f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23011f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23021f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23031f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23041f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23051f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23061f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
23071f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcdba00000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
23081f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
23091f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdba00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
23101f94.ef0: supR3HardenedDllNotificationCallback: Unload 00007ffcdba00000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
23111f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
23121f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
23131f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23141f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23151f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23161f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
23171f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
23181f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
23191f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
23201f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
23211f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
23221f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
23231f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
23241f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
23251f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
23261f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
23271f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
23281f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
23291f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
23301f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23311f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23321f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23331f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23341f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23351f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23361f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
23371f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23381f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23391f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23401f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23411f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23421f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
23431f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
23441f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
23451f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23461f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23471f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
23481f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23491f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
23501f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
23511f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23521f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23531f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23541f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23551f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
23561f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23571f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23581f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23591f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
23601f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
23611f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
23621f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23631f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23641f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23651f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23661f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23671f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23681f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23691f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23701f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23711f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23721f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23731f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23741f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23751f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23761f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23771f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23781f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23791f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23801f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23811f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23821f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
23831f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23841f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23851f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23861f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcd69f0000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
23871f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23881f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcdba30000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
23891f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23901f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcdee70000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
23911f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23921f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcc1b10000 LB 0x008c6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
23931f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
23941f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc1b10000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
23951f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
23961f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
23971f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23981f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
23991f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcdba00000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
24001f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24011f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdba00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
24021f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24031f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
24041f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24051f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc23e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
24061f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24071f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24081f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24091f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdba30000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
24101f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24111f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24121f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24131f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24141f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
24151f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
24161f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24171f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24181f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24191f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24201f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24211f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
24221f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcdb9e0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
24231f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
24241f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdb9e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
24251f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24261f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24271f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24281f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24291f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
24301f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
24311f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24321f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24331f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24341f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24351f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24361f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
24371f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcdb9c0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
24381f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
24391f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdb9c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
24401f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24411f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24421f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24431f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24441f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
24451f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
24461f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24471f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24481f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24491f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24501f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24511f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
24521f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcd95e0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
24531f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
24541f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd95e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
24551f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24561f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24571f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24581f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24591f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
24601f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
24611f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24621f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24631f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24641f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24651f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24661f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
24671f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcd95a0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
24681f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
24691f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd95a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
24701f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24711f94.1c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24721f94.1c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24731f94.1c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24741f94.1c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24751f94.1c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
24761f94.1c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24771f94.1c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24781f94.1c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24791f94.1c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24801f94.1c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24811f94.1c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24821f94.1c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24831f94.1c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24841f94.1c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24851f94.1c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24861f94.1c38: supR3HardenedDllNotificationCallback: load 00007ffce0520000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
24871f94.1c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24881f94.1c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0520000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
24891f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24901f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
24911f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24921f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24931f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24941f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
24951f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
24961f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
24971f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24981f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24991f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25001f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25011f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25021f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25031f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25041f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25051f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25061f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
25071f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcd3e80000 LB 0x0008a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
25081f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
25091f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3e80000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
25101f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d88 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
25111f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
25121f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
25131f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C46CF6D8C425A34B7EDE4E8FD0F2E4A8182CBB1
25141f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
25151f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
25161f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
25171f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25181f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25191f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'.
25201f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
25211f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'.
25221f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
25231f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
25241f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
25251f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
25261f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
25271f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25281f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25291f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
25301f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25311f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25321f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25331f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25341f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25351f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
25361f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcd8f60000 LB 0x0009c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
25371f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
25381f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
25391f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25401f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8f60000 'C:\WINDOWS\System32\dsound.dll'
25411f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8f60000 'C:\WINDOWS\System32\dsound.dll'
25421f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
25431f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25441f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8f60000 'C:\WINDOWS\system32\dsound.dll'
25451f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
25461f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
25471f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25481f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
25491f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
25501f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
25511f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
25521f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
25531f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
25541f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
25551f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
25561f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
25571f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25581f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
25591f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
25601f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
25611f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
25621f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
25631f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
25641f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25651f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25661f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25671f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25681f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25691f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25701f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
25711f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
25721f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25731f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
25741f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
25751f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
25761f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25771f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25781f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25791f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25801f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
25811f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
25821f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
25831f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
25841f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
25851f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25861f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
25871f94.ef0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
25881f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25891f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25901f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25911f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
25921f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
25931f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
25941f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffce3dc0000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
25951f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
25961f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcde3e0000 LB 0x00186000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
25971f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
25981f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcdea10000 LB 0x00070000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
25991f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26001f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdea10000 'C:\WINDOWS\System32\MMDevApi.dll'
26011f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26021f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26031f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdea10000 'C:\WINDOWS\system32\MMDEVAPI.DLL'
26041f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
26051f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26061f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
26071f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e10 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26081f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
26091f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
26101f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0E241BE9D4F52A26C9ED7BD86312051FE44DA417
26111f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
26121f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
26131f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
26141f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26151f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26161f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
26171f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
26181f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'.
26191f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'.
26201f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'.
26211f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
26221f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26231f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
26241f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
26251f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26261f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
26271f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
26281f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
26291f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
26301f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
26311f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
26321f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
26331f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
26341f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
26351f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26361f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26371f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
26381f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
26391f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
26401f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
26411f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26421f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
26431f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
26441f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26451f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26461f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26471f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26481f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26491f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26501f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
26511f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
26521f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffce1000000 LB 0x00008000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
26531f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
26541f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffce2c50000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
26551f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
26561f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcd9550000 LB 0x00042000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0]
26571f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26581f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
26591f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26601f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26611f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
26621f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26631f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26641f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
26651f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26661f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26671f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
26681f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26691f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26701f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
26711f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
26721f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
26731f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26741f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
26751f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
26761f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'.
26771f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
26781f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
26791f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
26801f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
26811f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26821f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26831f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26841f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26851f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26861f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26871f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26881f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26891f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
26901f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26911f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'.
26921f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
26931f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
26941f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
26951f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcd9010000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
26961f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
26971f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcc9cd0000 LB 0x00088000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0]
26981f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
26991f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc9cd0000 'C:\WINDOWS\system32\AUDIOSES.DLL'
27001f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27011f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27021f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
27031f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
27041f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
27051f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27061f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27071f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
27081f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
27091f94.ef0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
27101f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27111f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27121f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
27131f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27141f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27151f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
27161f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
27171f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
27181f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
27191f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
27201f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
27211f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
27221f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
27231f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27241f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27251f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
27261f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
27271f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9550000 'C:\WINDOWS\system32\wdmaud.drv'
27281f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
27291f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
27301f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
27311f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7E2C15A147F336A77E08F63DA2B7DC249BAC5291
27321f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
27331f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
27341f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
27351f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27361f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27371f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
27381f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
27391f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
27401f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
27411f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
27421f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
27431f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
27441f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
27451f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27461f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27471f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
27481f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
27491f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
27501f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
27511f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27521f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
27531f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
27541f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
27551f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
27561f94.ef0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27571f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27581f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27591f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27601f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27611f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27621f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
27631f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
27641f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcd9260000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
27651f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
27661f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffce0260000 LB 0x0000c000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0]
27671f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
27681f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0260000 'C:\WINDOWS\system32\msacm32.drv'
27691f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
27701f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27711f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0260000 'C:\WINDOWS\system32\msacm32.drv'
27721f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
27731f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27741f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0260000 'C:\WINDOWS\system32\msacm32.drv'
27751f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
27761f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27771f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0260000 'C:\WINDOWS\system32\msacm32.drv'
27781f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
27791f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27801f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0260000 'C:\WINDOWS\system32\msacm32.drv'
27811f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
27821f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27831f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0260000 'C:\WINDOWS\system32\msacm32.drv'
27841f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
27851f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27861f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0260000 'C:\WINDOWS\system32\msacm32.drv'
27871f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0260000 'C:\WINDOWS\system32\msacm32.drv'
27881f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0260000 'C:\WINDOWS\system32\msacm32.drv'
27891f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce0260000 'C:\WINDOWS\system32\msacm32.drv'
27901f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e78 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
27911f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f185d0
27921f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f185d0
27931f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92C5FAE1499C6920F25025123B65102443C15281
27941f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
27951f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
27961f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
27971f94.ef0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27981f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27991f94.ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
28001f94.ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
28011f94.ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
28021f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28031f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28041f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28051f94.ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28061f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28071f94.ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28081f94.ef0: supR3HardenedDllNotificationCallback: load 00007ffcdf860000 LB 0x0000a000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0]
28091f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28101f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdf860000 'C:\WINDOWS\system32\midimap.dll'
28111f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28121f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28131f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdf860000 'C:\WINDOWS\system32\midimap.dll'
28141f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28151f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28161f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdf860000 'C:\WINDOWS\system32\midimap.dll'
28171f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28181f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28191f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdf860000 'C:\WINDOWS\system32\midimap.dll'
28201f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28211f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28221f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28231f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28241f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28251f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
28261f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28271f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28281f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28291f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28301f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28311f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28321f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28331f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28341f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28351f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28361f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28371f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28381f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
28391f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28401f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8f60000 'C:\WINDOWS\system32\dsound.dll'
28411f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28421f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28431f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28441f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
28451f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28461f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8f60000 'C:\WINDOWS\system32\dsound.dll'
28471f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde310000 'C:\WINDOWS\system32\winmm.dll'
28481f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28491f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28501f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3280000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
28511f94.ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
28521f94.ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28531f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce7a90000 'C:\WINDOWS\system32\kernel32.dll'
28541f94.ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
28551f94.19a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
28561f94.19a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28571f94.19a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce2c50000 'C:\WINDOWS\system32\avrt.dll'
28581f94.ee0: supR3HardenedDllNotificationCallback: Unload 00007ffcd8ed0000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
28591f94.ee0: supR3HardenedDllNotificationCallback: Unload 00007ffce2f70000 LB 0x0001f000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
28601f94.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28611f94.21a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winsta.dll)
28621f94.21a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winsta.dll
28631f94.21a0: supR3HardenedDllNotificationCallback: load 00007ffce4b70000 LB 0x00056000 C:\WINDOWS\SYSTEM32\winsta.dll [fFlags=0x0]
28641f94.21a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll [avoiding WinVerifyTrust]
28651f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28661f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28671f94.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
28681f94.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5b30000 'C:\Windows\System32\WINTRUST.DLL'
28691f94.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\CRYPT32.dll'
28701f94.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
28711f94.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3050000 'C:\Windows\System32\cryptnet.dll'
28721f94.21a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winsta.dll'
28731f94.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
28741f94.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
28751f94.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28761f94.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
28771f94.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28781f94.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
28791f94.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
28801f94.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'winsta.dll'.
28811f94.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msacm32.dll'.
28821f94.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'wtsapi32.dll'.
28831f94.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'mmdevapi.dll'.
28841f94.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'propsys.dll'.
28851f94.21a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rdpendp.dll) WinVerifyTrust
28861f94.21a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rdpendp.dll
28871f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
28881f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
28891f94.21a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
28901f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
28911f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
28921f94.21a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28931f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
28941f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
28951f94.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce4670000 'C:\WINDOWS\system32\rsaenh.dll'
28961f94.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce51d0000 'C:\WINDOWS\system32\crypt32.dll'
28971f94.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28981f94.21a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust
28991f94.21a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
29001f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
29011f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
29021f94.21a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
29031f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winsta.dll'...
29041f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winsta.dll' -> '\Device\HarddiskVolume2\Windows\System32\winsta.dll' [rcNtRedir=0xc0150008]
29051f94.21a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll
29061f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29071f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29081f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29091f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29101f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29111f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29121f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29131f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29141f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29151f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29161f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29171f94.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29181f94.21a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rdpendp.dll (Input=rdpendp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29191f94.21a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rdpendp.dll
29201f94.21a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
29211f94.21a0: supR3HardenedDllNotificationCallback: load 00007ffcdf520000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
29221f94.21a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
29231f94.21a0: supR3HardenedDllNotificationCallback: load 00007ffcad5b0000 LB 0x0004c000 C:\WINDOWS\system32\rdpendp.dll [fFlags=0x0]
29241f94.21a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rdpendp.dll
29251f94.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcad5b0000 'C:\WINDOWS\system32\rdpendp.dll'
29261f94.1da0: supR3HardenedDllNotificationCallback: Unload 00007ffcad5b0000 LB 0x0004c000 C:\WINDOWS\system32\rdpendp.dll [flags=0x0]
29271f94.1da0: supR3HardenedDllNotificationCallback: Unload 00007ffcdf520000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [flags=0x0]
29281f94.250c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rdpendp.dll
29291f94.250c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rdpendp.dll (Input=rdpendp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29301f94.250c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rdpendp.dll
29311f94.250c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
29321f94.250c: supR3HardenedDllNotificationCallback: load 00007ffcdf520000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
29331f94.250c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
29341f94.250c: supR3HardenedDllNotificationCallback: load 00007ffcad5b0000 LB 0x0004c000 C:\WINDOWS\system32\rdpendp.dll [fFlags=0x0]
29351f94.250c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rdpendp.dll
29361f94.250c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcad5b0000 'C:\WINDOWS\system32\rdpendp.dll'
29371f94.204: supR3HardenedDllNotificationCallback: Unload 00007ffcad5b0000 LB 0x0004c000 C:\WINDOWS\system32\rdpendp.dll [flags=0x0]
29381f94.204: supR3HardenedDllNotificationCallback: Unload 00007ffcdf520000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [flags=0x0]
29391f94.22c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rdpendp.dll
29401f94.22c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rdpendp.dll (Input=rdpendp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29411f94.22c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rdpendp.dll
29421f94.22c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
29431f94.22c4: supR3HardenedDllNotificationCallback: load 00007ffcdf520000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
29441f94.22c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
29451f94.22c4: supR3HardenedDllNotificationCallback: load 00007ffcad5b0000 LB 0x0004c000 C:\WINDOWS\system32\rdpendp.dll [fFlags=0x0]
29461f94.22c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rdpendp.dll
29471f94.22c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcad5b0000 'C:\WINDOWS\system32\rdpendp.dll'
29481f94.818: supR3HardenedDllNotificationCallback: Unload 00007ffcad5b0000 LB 0x0004c000 C:\WINDOWS\system32\rdpendp.dll [flags=0x0]
29491f94.818: supR3HardenedDllNotificationCallback: Unload 00007ffcdf520000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [flags=0x0]
29501f94.688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
29511f94.688: supR3HardenedDllNotificationCallback: load 00007ffcdf520000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
29521f94.688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
29531f94.688: supR3HardenedDllNotificationCallback: load 00007ffcad5b0000 LB 0x0004c000 C:\WINDOWS\system32\rdpendp.dll [fFlags=0x0]
29541f94.688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcad5b0000 'C:\WINDOWS\system32\rdpendp.dll'
2955f8c.84c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 560486222 ms, the end);
29561c08.1510: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 560486753 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy