VirtualBox

Ticket #16881: VBoxHardening.log

File VBoxHardening.log, 399.2 KB (added by ArturoEAS, 7 years ago)
Line 
13ef4.4424: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03ad700
23ef4.4424: \SystemRoot\System32\ntdll.dll:
33ef4.4424: CreationTime: 2017-06-30T17:08:39.227030600Z
43ef4.4424: LastWriteTime: 2017-06-20T06:10:49.467134900Z
53ef4.4424: ChangeTime: 2017-07-01T00:21:09.487023600Z
63ef4.4424: FileAttributes: 0x20
73ef4.4424: Size: 0x1d7450
83ef4.4424: NT Headers: 0xe0
93ef4.4424: Timestamp: 0xa329d3a8
103ef4.4424: Machine: 0x8664 - amd64
113ef4.4424: Timestamp: 0xa329d3a8
123ef4.4424: Image Version: 10.0
133ef4.4424: SizeOfImage: 0x1db000 (1945600)
143ef4.4424: Resource Dir: 0x170000 LB 0x69398
153ef4.4424: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
163ef4.4424: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
173ef4.4424: ProductName: Microsoft® Windows® Operating System
183ef4.4424: ProductVersion: 10.0.15063.447
193ef4.4424: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
203ef4.4424: FileDescription: NT Layer DLL
213ef4.4424: \SystemRoot\System32\kernel32.dll:
223ef4.4424: CreationTime: 2017-05-27T17:42:33.840454800Z
233ef4.4424: LastWriteTime: 2017-05-27T17:42:33.840454800Z
243ef4.4424: ChangeTime: 2017-06-30T18:46:29.854227100Z
253ef4.4424: FileAttributes: 0x20
263ef4.4424: Size: 0xad068
273ef4.4424: NT Headers: 0xf8
283ef4.4424: Timestamp: 0xf5fa43df
293ef4.4424: Machine: 0x8664 - amd64
303ef4.4424: Timestamp: 0xf5fa43df
313ef4.4424: Image Version: 10.0
323ef4.4424: SizeOfImage: 0xae000 (712704)
333ef4.4424: Resource Dir: 0xac000 LB 0x520
343ef4.4424: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353ef4.4424: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
363ef4.4424: ProductName: Microsoft® Windows® Operating System
373ef4.4424: ProductVersion: 10.0.15063.296
383ef4.4424: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
393ef4.4424: FileDescription: Windows NT BASE API Client DLL
403ef4.4424: \SystemRoot\System32\KernelBase.dll:
413ef4.4424: CreationTime: 2017-06-30T17:08:24.893377500Z
423ef4.4424: LastWriteTime: 2017-06-20T06:11:39.396564300Z
433ef4.4424: ChangeTime: 2017-07-01T00:21:06.187546100Z
443ef4.4424: FileAttributes: 0x20
453ef4.4424: Size: 0x249df0
463ef4.4424: NT Headers: 0x100
473ef4.4424: Timestamp: 0x30ec82a7
483ef4.4424: Machine: 0x8664 - amd64
493ef4.4424: Timestamp: 0x30ec82a7
503ef4.4424: Image Version: 10.0
513ef4.4424: SizeOfImage: 0x249000 (2396160)
523ef4.4424: Resource Dir: 0x22a000 LB 0x548
533ef4.4424: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
543ef4.4424: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
553ef4.4424: ProductName: Microsoft® Windows® Operating System
563ef4.4424: ProductVersion: 10.0.15063.447
573ef4.4424: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
583ef4.4424: FileDescription: Windows NT BASE API Client DLL
593ef4.4424: \SystemRoot\System32\apisetschema.dll:
603ef4.4424: CreationTime: 2017-03-18T20:57:35.373527900Z
613ef4.4424: LastWriteTime: 2017-03-18T20:57:35.373527900Z
623ef4.4424: ChangeTime: 2017-05-27T17:24:19.355449800Z
633ef4.4424: FileAttributes: 0x20
643ef4.4424: Size: 0x1ada0
653ef4.4424: NT Headers: 0xc0
663ef4.4424: Timestamp: 0x76544b2
673ef4.4424: Machine: 0x8664 - amd64
683ef4.4424: Timestamp: 0x76544b2
693ef4.4424: Image Version: 10.0
703ef4.4424: SizeOfImage: 0x1b000 (110592)
713ef4.4424: Resource Dir: 0x1a000 LB 0x408
723ef4.4424: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
733ef4.4424: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
743ef4.4424: ProductName: Microsoft® Windows® Operating System
753ef4.4424: ProductVersion: 10.0.15063.0
763ef4.4424: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
773ef4.4424: FileDescription: ApiSet Schema DLL
783ef4.4424: NtOpenDirectoryObject failed on \Driver: 0xc0000022
793ef4.4424: supR3HardenedWinFindAdversaries: 0x20
803ef4.4424: \SystemRoot\System32\drivers\cfwids.sys:
813ef4.4424: CreationTime: 2017-04-18T14:52:18.000000000Z
823ef4.4424: LastWriteTime: 2017-05-02T16:07:48.000000000Z
833ef4.4424: ChangeTime: 2017-06-22T01:29:21.639729500Z
843ef4.4424: FileAttributes: 0x20
853ef4.4424: Size: 0x12c18
863ef4.4424: NT Headers: 0xe0
873ef4.4424: Timestamp: 0x5902c8f4
883ef4.4424: Machine: 0x8664 - amd64
893ef4.4424: Timestamp: 0x5902c8f4
903ef4.4424: Image Version: 0.0
913ef4.4424: SizeOfImage: 0x14000 (81920)
923ef4.4424: Resource Dir: 0x12000 LB 0x550
933ef4.4424: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
943ef4.4424: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)]
953ef4.4424: ProductName: SYSCORE
963ef4.4424: ProductVersion: 15.6.0.2180
973ef4.4424: FileVersion: SYSCORE.15.6.0.2180
983ef4.4424: PrivateBuild: SYSCORE.15.6.0.2180
993ef4.4424: FileDescription: McAfee Personal Firewall IDS Plugin
1003ef4.4424: \SystemRoot\System32\drivers\mfeavfk.sys:
1013ef4.4424: CreationTime: 2017-04-18T14:52:18.000000000Z
1023ef4.4424: LastWriteTime: 2017-05-02T16:07:48.000000000Z
1033ef4.4424: ChangeTime: 2017-06-22T01:29:10.306578500Z
1043ef4.4424: FileAttributes: 0x20
1053ef4.4424: Size: 0x56610
1063ef4.4424: NT Headers: 0xf8
1073ef4.4424: Timestamp: 0x5902c88c
1083ef4.4424: Machine: 0x8664 - amd64
1093ef4.4424: Timestamp: 0x5902c88c
1103ef4.4424: Image Version: 0.0
1113ef4.4424: SizeOfImage: 0x57000 (356352)
1123ef4.4424: Resource Dir: 0x55000 LB 0x758
1133ef4.4424: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1143ef4.4424: [Raw version resource data: 0x55110 LB 0x334, codepage 0x0 (reserved 0x0)]
1153ef4.4424: ProductName: SYSCORE
1163ef4.4424: ProductVersion: 15.6.0.2180
1173ef4.4424: FileVersion: SYSCORE.15.6.0.2180
1183ef4.4424: PrivateBuild: SYSCORE.15.6.0.2180 F15,F16,F19
1193ef4.4424: FileDescription: Anti-Virus File System Filter Driver
1203ef4.4424: \SystemRoot\System32\drivers\mfefirek.sys:
1213ef4.4424: CreationTime: 2017-04-18T14:52:18.000000000Z
1223ef4.4424: LastWriteTime: 2017-05-02T16:07:48.000000000Z
1233ef4.4424: ChangeTime: 2017-06-22T01:29:20.976381300Z
1243ef4.4424: FileAttributes: 0x20
1253ef4.4424: Size: 0x7b210
1263ef4.4424: NT Headers: 0xe0
1273ef4.4424: Timestamp: 0x5902c8d1
1283ef4.4424: Machine: 0x8664 - amd64
1293ef4.4424: Timestamp: 0x5902c8d1
1303ef4.4424: Image Version: 0.0
1313ef4.4424: SizeOfImage: 0x7d000 (512000)
1323ef4.4424: Resource Dir: 0x79000 LB 0x388
1333ef4.4424: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1343ef4.4424: [Raw version resource data: 0x79060 LB 0x328, codepage 0x0 (reserved 0x0)]
1353ef4.4424: ProductName: SYSCORE
1363ef4.4424: ProductVersion: 15.6.0.2180
1373ef4.4424: FileVersion: SYSCORE.15.6.0.2180
1383ef4.4424: PrivateBuild: SYSCORE.15.6.0.2180 F17,F18
1393ef4.4424: FileDescription: McAfee Core Firewall Engine Driver
1403ef4.4424: \SystemRoot\System32\drivers\mfehidk.sys:
1413ef4.4424: CreationTime: 2017-04-18T14:52:18.000000000Z
1423ef4.4424: LastWriteTime: 2017-05-02T16:07:48.000000000Z
1433ef4.4424: ChangeTime: 2017-06-22T01:29:16.601713600Z
1443ef4.4424: FileAttributes: 0x20
1453ef4.4424: Size: 0xe0410
1463ef4.4424: NT Headers: 0xf8
1473ef4.4424: Timestamp: 0x5902c7ef
1483ef4.4424: Machine: 0x8664 - amd64
1493ef4.4424: Timestamp: 0x5902c7ef
1503ef4.4424: Image Version: 0.0
1513ef4.4424: SizeOfImage: 0xe9000 (954368)
1523ef4.4424: Resource Dir: 0xe5000 LB 0x758
1533ef4.4424: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1543ef4.4424: [Raw version resource data: 0xe5110 LB 0x320, codepage 0x0 (reserved 0x0)]
1553ef4.4424: ProductName: SYSCORE
1563ef4.4424: ProductVersion: 15.6.0.2180
1573ef4.4424: FileVersion: SYSCORE.15.6.0.2180
1583ef4.4424: PrivateBuild: SYSCORE.15.6.0.2180 F14,F15,F16,F18,F20
1593ef4.4424: FileDescription: McAfee Link Driver
1603ef4.4424: \SystemRoot\System32\drivers\mfencbdc.sys:
1613ef4.4424: CreationTime: 2017-04-07T07:42:02.000000000Z
1623ef4.4424: LastWriteTime: 2017-04-07T07:42:02.000000000Z
1633ef4.4424: ChangeTime: 2017-06-22T01:30:21.795119700Z
1643ef4.4424: FileAttributes: 0x20
1653ef4.4424: Size: 0x79010
1663ef4.4424: NT Headers: 0xe0
1673ef4.4424: Timestamp: 0x58de271a
1683ef4.4424: Machine: 0x8664 - amd64
1693ef4.4424: Timestamp: 0x58de271a
1703ef4.4424: Image Version: 0.0
1713ef4.4424: SizeOfImage: 0x7d000 (512000)
1723ef4.4424: Resource Dir: 0x7b000 LB 0x3d8
1733ef4.4424: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1743ef4.4424: [Raw version resource data: 0x7b060 LB 0x378, codepage 0x0 (reserved 0x0)]
1753ef4.4424: ProductName: Anti-Malware Core
1763ef4.4424: ProductVersion: 1.5.0
1773ef4.4424: FileVersion: Anti-Malware Core.1.5.0.2580.x64
1783ef4.4424: PrivateBuild: Anti-Malware Core.1.5.0.2580.x64
1793ef4.4424: FileDescription: Event Driver
1803ef4.4424: \SystemRoot\System32\drivers\mfewfpk.sys:
1813ef4.4424: CreationTime: 2017-04-18T14:52:18.000000000Z
1823ef4.4424: LastWriteTime: 2017-05-02T16:07:48.000000000Z
1833ef4.4424: ChangeTime: 2017-06-22T01:29:14.856178900Z
1843ef4.4424: FileAttributes: 0x20
1853ef4.4424: Size: 0x3da10
1863ef4.4424: NT Headers: 0x100
1873ef4.4424: Timestamp: 0x5902c80a
1883ef4.4424: Machine: 0x8664 - amd64
1893ef4.4424: Timestamp: 0x5902c80a
1903ef4.4424: Image Version: 0.0
1913ef4.4424: SizeOfImage: 0x59000 (364544)
1923ef4.4424: Resource Dir: 0x57000 LB 0x380
1933ef4.4424: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1943ef4.4424: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
1953ef4.4424: ProductName: SYSCORE
1963ef4.4424: ProductVersion: 15.6.0.2180
1973ef4.4424: FileVersion: SYSCORE.15.6.0.2180
1983ef4.4424: PrivateBuild: SYSCORE.15.6.0.2180 F17,F18
1993ef4.4424: FileDescription: Anti-Virus Mini-Firewall Driver
2003ef4.4424: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2013ef4.4424: Calling main()
2023ef4.4424: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2033ef4.4424: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2043ef4.4424: SUPR3HardenedMain: Respawn #1
2053ef4.4424: System32: \Device\HarddiskVolume2\Windows\System32
2063ef4.4424: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
2073ef4.4424: KnownDllPath: C:\WINDOWS\System32
2083ef4.4424: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2093ef4.4424: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2103ef4.4424: supR3HardNtEnableThreadCreation:
2113ef4.4424: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8a3569ac0 pvNtTerminateThread=00007ff8a3595df0
2123ef4.4424: supR3HardenedWinDoReSpawn(1): New child 52bc.b58 [kernel32].
2133ef4.4424: supR3HardNtChildGatherData: PebBaseAddress=00000000002c8000 cbPeb=0x388
2143ef4.4424: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8a34f0000 uNtDllChildAddr=00007ff8a34f0000
2153ef4.4424: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8a3569ac0
2163ef4.4424: supR3HardenedWinSetupChildInit: Start child.
2173ef4.4424: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2183ef4.4424: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 58 sleeps
2193ef4.4424: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2203ef4.4424: *0000000000000000-00000000000fffff 0x0001/0x0000 0x0000000
2213ef4.4424: *0000000000100000-000000000011ffff 0x0004/0x0004 0x0020000
2223ef4.4424: *0000000000120000-0000000000137fff 0x0002/0x0002 0x0040000
2233ef4.4424: 0000000000138000-000000000013ffff 0x0001/0x0000 0x0000000
2243ef4.4424: *0000000000140000-0000000000143fff 0x0002/0x0002 0x0040000
2253ef4.4424: 0000000000144000-000000000014ffff 0x0001/0x0000 0x0000000
2263ef4.4424: *0000000000150000-0000000000150fff 0x0004/0x0004 0x0020000
2273ef4.4424: 0000000000151000-00000000001fffff 0x0001/0x0000 0x0000000
2283ef4.4424: *0000000000200000-00000000002c7fff 0x0000/0x0004 0x0020000
2293ef4.4424: 00000000002c8000-00000000002cafff 0x0004/0x0004 0x0020000
2303ef4.4424: 00000000002cb000-00000000003fffff 0x0000/0x0004 0x0020000
2313ef4.4424: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
2323ef4.4424: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000
2333ef4.4424: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000
2343ef4.4424: 0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000
2353ef4.4424: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2363ef4.4424: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2373ef4.4424: 000000007fff0000-00007ff759a2ffff 0x0001/0x0000 0x0000000
2383ef4.4424: *00007ff759a30000-00007ff759a52fff 0x0002/0x0002 0x0040000
2393ef4.4424: 00007ff759a53000-00007ff75a77ffff 0x0001/0x0000 0x0000000
2403ef4.4424: *00007ff75a780000-00007ff75a780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2413ef4.4424: 00007ff75a781000-00007ff75a7f0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2423ef4.4424: 00007ff75a7f1000-00007ff75a7f1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2433ef4.4424: 00007ff75a7f2000-00007ff75a836fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2443ef4.4424: 00007ff75a837000-00007ff75a837fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2453ef4.4424: 00007ff75a838000-00007ff75a838fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2463ef4.4424: 00007ff75a839000-00007ff75a83dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2473ef4.4424: 00007ff75a83e000-00007ff75a83efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2483ef4.4424: 00007ff75a83f000-00007ff75a83ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2493ef4.4424: 00007ff75a840000-00007ff75a843fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2503ef4.4424: 00007ff75a844000-00007ff75a88bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2513ef4.4424: 00007ff75a88c000-00007ff8a34effff 0x0001/0x0000 0x0000000
2523ef4.4424: *00007ff8a34f0000-00007ff8a34f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2533ef4.4424: 00007ff8a34f1000-00007ff8a35fffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2543ef4.4424: 00007ff8a3600000-00007ff8a3644fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2553ef4.4424: 00007ff8a3645000-00007ff8a364cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2563ef4.4424: 00007ff8a364d000-00007ff8a365afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2573ef4.4424: 00007ff8a365b000-00007ff8a365bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2583ef4.4424: 00007ff8a365c000-00007ff8a365efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2593ef4.4424: 00007ff8a365f000-00007ff8a36cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2603ef4.4424: 00007ff8a36cb000-00007ffffffdffff 0x0001/0x0000 0x0000000
2613ef4.4424: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
2623ef4.4424: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
2633ef4.4424: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2643ef4.4424: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2653ef4.4424: supR3HardNtChildPurify: Done after 583 ms and 0 fixes (loop #0).
26652bc.b58: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
26752bc.b58: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8a34f0000 g_uNtVerCombined=0xa03ad700
26852bc.b58: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
26952bc.b58: New simple heap: #1 0000000000600000 LB 0x400000 (for 1945600 allocation)
2703ef4.4424: supR3HardNtEnableThreadCreation:
27152bc.b58: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
27252bc.b58: System32: \Device\HarddiskVolume2\Windows\System32
27352bc.b58: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
27452bc.b58: KnownDllPath: C:\WINDOWS\System32
27552bc.b58: supR3HardenedVmProcessInit: Opening vboxdrv stub...
27652bc.b58: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
27752bc.b58: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
27852bc.b58: Registered Dll notification callback with NTDLL.
27952bc.b58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
28052bc.b58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
28152bc.b58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
28252bc.b58: supR3HardenedDllNotificationCallback: load 00007ff8a0240000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
28352bc.b58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
28452bc.b58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
28552bc.b58: supR3HardenedDllNotificationCallback: load 00007ff8a0ab0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
28652bc.b58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
28752bc.b58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0ab0000 'C:\WINDOWS\System32\KERNEL32.DLL'
28852bc.b58: supR3HardenedDllNotificationCallback: load 00007ff75a780000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
28952bc.b58: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
29052bc.b58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
29152bc.b58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29252bc.b58: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8a3569ac0 pvNtTerminateThread=00007ff8a3595df0
2933ef4.4424: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 149 ms.
29452bc.b58: \SystemRoot\System32\ntdll.dll:
29552bc.b58: CreationTime: 2017-06-30T17:08:39.227030600Z
29652bc.b58: LastWriteTime: 2017-06-20T06:10:49.467134900Z
29752bc.b58: ChangeTime: 2017-07-01T00:21:09.487023600Z
29852bc.b58: FileAttributes: 0x20
29952bc.b58: Size: 0x1d7450
30052bc.b58: NT Headers: 0xe0
30152bc.b58: Timestamp: 0xa329d3a8
30252bc.b58: Machine: 0x8664 - amd64
30352bc.b58: Timestamp: 0xa329d3a8
30452bc.b58: Image Version: 10.0
30552bc.b58: SizeOfImage: 0x1db000 (1945600)
30652bc.b58: Resource Dir: 0x170000 LB 0x69398
30752bc.b58: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
30852bc.b58: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
30952bc.b58: ProductName: Microsoft® Windows® Operating System
31052bc.b58: ProductVersion: 10.0.15063.447
31152bc.b58: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
31252bc.b58: FileDescription: NT Layer DLL
31352bc.b58: \SystemRoot\System32\kernel32.dll:
31452bc.b58: CreationTime: 2017-05-27T17:42:33.840454800Z
31552bc.b58: LastWriteTime: 2017-05-27T17:42:33.840454800Z
31652bc.b58: ChangeTime: 2017-06-30T18:46:29.854227100Z
31752bc.b58: FileAttributes: 0x20
31852bc.b58: Size: 0xad068
31952bc.b58: NT Headers: 0xf8
32052bc.b58: Timestamp: 0xf5fa43df
32152bc.b58: Machine: 0x8664 - amd64
32252bc.b58: Timestamp: 0xf5fa43df
32352bc.b58: Image Version: 10.0
32452bc.b58: SizeOfImage: 0xae000 (712704)
32552bc.b58: Resource Dir: 0xac000 LB 0x520
32652bc.b58: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
32752bc.b58: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
32852bc.b58: ProductName: Microsoft® Windows® Operating System
32952bc.b58: ProductVersion: 10.0.15063.296
33052bc.b58: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
33152bc.b58: FileDescription: Windows NT BASE API Client DLL
33252bc.b58: \SystemRoot\System32\KernelBase.dll:
33352bc.b58: CreationTime: 2017-06-30T17:08:24.893377500Z
33452bc.b58: LastWriteTime: 2017-06-20T06:11:39.396564300Z
33552bc.b58: ChangeTime: 2017-07-01T00:21:06.187546100Z
33652bc.b58: FileAttributes: 0x20
33752bc.b58: Size: 0x249df0
33852bc.b58: NT Headers: 0x100
33952bc.b58: Timestamp: 0x30ec82a7
34052bc.b58: Machine: 0x8664 - amd64
34152bc.b58: Timestamp: 0x30ec82a7
34252bc.b58: Image Version: 10.0
34352bc.b58: SizeOfImage: 0x249000 (2396160)
34452bc.b58: Resource Dir: 0x22a000 LB 0x548
34552bc.b58: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
34652bc.b58: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
34752bc.b58: ProductName: Microsoft® Windows® Operating System
34852bc.b58: ProductVersion: 10.0.15063.447
34952bc.b58: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
35052bc.b58: FileDescription: Windows NT BASE API Client DLL
35152bc.b58: \SystemRoot\System32\apisetschema.dll:
35252bc.b58: CreationTime: 2017-03-18T20:57:35.373527900Z
35352bc.b58: LastWriteTime: 2017-03-18T20:57:35.373527900Z
35452bc.b58: ChangeTime: 2017-05-27T17:24:19.355449800Z
35552bc.b58: FileAttributes: 0x20
35652bc.b58: Size: 0x1ada0
35752bc.b58: NT Headers: 0xc0
35852bc.b58: Timestamp: 0x76544b2
35952bc.b58: Machine: 0x8664 - amd64
36052bc.b58: Timestamp: 0x76544b2
36152bc.b58: Image Version: 10.0
36252bc.b58: SizeOfImage: 0x1b000 (110592)
36352bc.b58: Resource Dir: 0x1a000 LB 0x408
36452bc.b58: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
36552bc.b58: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
36652bc.b58: ProductName: Microsoft® Windows® Operating System
36752bc.b58: ProductVersion: 10.0.15063.0
36852bc.b58: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
36952bc.b58: FileDescription: ApiSet Schema DLL
37052bc.b58: NtOpenDirectoryObject failed on \Driver: 0xc0000022
37152bc.b58: supR3HardenedWinFindAdversaries: 0x20
37252bc.b58: \SystemRoot\System32\drivers\cfwids.sys:
37352bc.b58: CreationTime: 2017-04-18T14:52:18.000000000Z
37452bc.b58: LastWriteTime: 2017-05-02T16:07:48.000000000Z
37552bc.b58: ChangeTime: 2017-06-22T01:29:21.639729500Z
37652bc.b58: FileAttributes: 0x20
37752bc.b58: Size: 0x12c18
37852bc.b58: NT Headers: 0xe0
37952bc.b58: Timestamp: 0x5902c8f4
38052bc.b58: Machine: 0x8664 - amd64
38152bc.b58: Timestamp: 0x5902c8f4
38252bc.b58: Image Version: 0.0
38352bc.b58: SizeOfImage: 0x14000 (81920)
38452bc.b58: Resource Dir: 0x12000 LB 0x550
38552bc.b58: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
38652bc.b58: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)]
38752bc.b58: ProductName: SYSCORE
38852bc.b58: ProductVersion: 15.6.0.2180
38952bc.b58: FileVersion: SYSCORE.15.6.0.2180
39052bc.b58: PrivateBuild: SYSCORE.15.6.0.2180
39152bc.b58: FileDescription: McAfee Personal Firewall IDS Plugin
39252bc.b58: \SystemRoot\System32\drivers\mfeavfk.sys:
39352bc.b58: CreationTime: 2017-04-18T14:52:18.000000000Z
39452bc.b58: LastWriteTime: 2017-05-02T16:07:48.000000000Z
39552bc.b58: ChangeTime: 2017-06-22T01:29:10.306578500Z
39652bc.b58: FileAttributes: 0x20
39752bc.b58: Size: 0x56610
39852bc.b58: NT Headers: 0xf8
39952bc.b58: Timestamp: 0x5902c88c
40052bc.b58: Machine: 0x8664 - amd64
40152bc.b58: Timestamp: 0x5902c88c
40252bc.b58: Image Version: 0.0
40352bc.b58: SizeOfImage: 0x57000 (356352)
40452bc.b58: Resource Dir: 0x55000 LB 0x758
40552bc.b58: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
40652bc.b58: [Raw version resource data: 0x55110 LB 0x334, codepage 0x0 (reserved 0x0)]
40752bc.b58: ProductName: SYSCORE
40852bc.b58: ProductVersion: 15.6.0.2180
40952bc.b58: FileVersion: SYSCORE.15.6.0.2180
41052bc.b58: PrivateBuild: SYSCORE.15.6.0.2180 F15,F16,F19
41152bc.b58: FileDescription: Anti-Virus File System Filter Driver
41252bc.b58: \SystemRoot\System32\drivers\mfefirek.sys:
41352bc.b58: CreationTime: 2017-04-18T14:52:18.000000000Z
41452bc.b58: LastWriteTime: 2017-05-02T16:07:48.000000000Z
41552bc.b58: ChangeTime: 2017-06-22T01:29:20.976381300Z
41652bc.b58: FileAttributes: 0x20
41752bc.b58: Size: 0x7b210
41852bc.b58: NT Headers: 0xe0
41952bc.b58: Timestamp: 0x5902c8d1
42052bc.b58: Machine: 0x8664 - amd64
42152bc.b58: Timestamp: 0x5902c8d1
42252bc.b58: Image Version: 0.0
42352bc.b58: SizeOfImage: 0x7d000 (512000)
42452bc.b58: Resource Dir: 0x79000 LB 0x388
42552bc.b58: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
42652bc.b58: [Raw version resource data: 0x79060 LB 0x328, codepage 0x0 (reserved 0x0)]
42752bc.b58: ProductName: SYSCORE
42852bc.b58: ProductVersion: 15.6.0.2180
42952bc.b58: FileVersion: SYSCORE.15.6.0.2180
43052bc.b58: PrivateBuild: SYSCORE.15.6.0.2180 F17,F18
43152bc.b58: FileDescription: McAfee Core Firewall Engine Driver
43252bc.b58: \SystemRoot\System32\drivers\mfehidk.sys:
43352bc.b58: CreationTime: 2017-04-18T14:52:18.000000000Z
43452bc.b58: LastWriteTime: 2017-05-02T16:07:48.000000000Z
43552bc.b58: ChangeTime: 2017-06-22T01:29:16.601713600Z
43652bc.b58: FileAttributes: 0x20
43752bc.b58: Size: 0xe0410
43852bc.b58: NT Headers: 0xf8
43952bc.b58: Timestamp: 0x5902c7ef
44052bc.b58: Machine: 0x8664 - amd64
44152bc.b58: Timestamp: 0x5902c7ef
44252bc.b58: Image Version: 0.0
44352bc.b58: SizeOfImage: 0xe9000 (954368)
44452bc.b58: Resource Dir: 0xe5000 LB 0x758
44552bc.b58: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
44652bc.b58: [Raw version resource data: 0xe5110 LB 0x320, codepage 0x0 (reserved 0x0)]
44752bc.b58: ProductName: SYSCORE
44852bc.b58: ProductVersion: 15.6.0.2180
44952bc.b58: FileVersion: SYSCORE.15.6.0.2180
45052bc.b58: PrivateBuild: SYSCORE.15.6.0.2180 F14,F15,F16,F18,F20
45152bc.b58: FileDescription: McAfee Link Driver
45252bc.b58: \SystemRoot\System32\drivers\mfencbdc.sys:
45352bc.b58: CreationTime: 2017-04-07T07:42:02.000000000Z
45452bc.b58: LastWriteTime: 2017-04-07T07:42:02.000000000Z
45552bc.b58: ChangeTime: 2017-06-22T01:30:21.795119700Z
45652bc.b58: FileAttributes: 0x20
45752bc.b58: Size: 0x79010
45852bc.b58: NT Headers: 0xe0
45952bc.b58: Timestamp: 0x58de271a
46052bc.b58: Machine: 0x8664 - amd64
46152bc.b58: Timestamp: 0x58de271a
46252bc.b58: Image Version: 0.0
46352bc.b58: SizeOfImage: 0x7d000 (512000)
46452bc.b58: Resource Dir: 0x7b000 LB 0x3d8
46552bc.b58: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
46652bc.b58: [Raw version resource data: 0x7b060 LB 0x378, codepage 0x0 (reserved 0x0)]
46752bc.b58: ProductName: Anti-Malware Core
46852bc.b58: ProductVersion: 1.5.0
46952bc.b58: FileVersion: Anti-Malware Core.1.5.0.2580.x64
47052bc.b58: PrivateBuild: Anti-Malware Core.1.5.0.2580.x64
47152bc.b58: FileDescription: Event Driver
47252bc.b58: \SystemRoot\System32\drivers\mfewfpk.sys:
47352bc.b58: CreationTime: 2017-04-18T14:52:18.000000000Z
47452bc.b58: LastWriteTime: 2017-05-02T16:07:48.000000000Z
47552bc.b58: ChangeTime: 2017-06-22T01:29:14.856178900Z
47652bc.b58: FileAttributes: 0x20
47752bc.b58: Size: 0x3da10
47852bc.b58: NT Headers: 0x100
47952bc.b58: Timestamp: 0x5902c80a
48052bc.b58: Machine: 0x8664 - amd64
48152bc.b58: Timestamp: 0x5902c80a
48252bc.b58: Image Version: 0.0
48352bc.b58: SizeOfImage: 0x59000 (364544)
48452bc.b58: Resource Dir: 0x57000 LB 0x380
48552bc.b58: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
48652bc.b58: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
48752bc.b58: ProductName: SYSCORE
48852bc.b58: ProductVersion: 15.6.0.2180
48952bc.b58: FileVersion: SYSCORE.15.6.0.2180
49052bc.b58: PrivateBuild: SYSCORE.15.6.0.2180 F17,F18
49152bc.b58: FileDescription: Anti-Virus Mini-Firewall Driver
49252bc.b58: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
49352bc.b58: Calling main()
49452bc.b58: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
49552bc.b58: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
49652bc.b58: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
49752bc.b58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
49852bc.b58: SUPR3HardenedMain: Respawn #2
49952bc.b58: supR3HardNtEnableThreadCreation:
50052bc.b58: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
50152bc.b58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
50252bc.b58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
50352bc.b58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
50452bc.b58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a34f0000 'C:\WINDOWS\System32\ntdll.dll'
50552bc.b58: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8a3569ac0 pvNtTerminateThread=00007ff8a3595df0
50652bc.b58: supR3HardenedWinDoReSpawn(2): New child 4b1c.4954 [kernel32].
50752bc.b58: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
50852bc.b58: supR3HardNtChildGatherData: PebBaseAddress=0000000000246000 cbPeb=0x388
50952bc.b58: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8a34f0000 uNtDllChildAddr=00007ff8a34f0000
51052bc.b58: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8a3569ac0
51152bc.b58: supR3HardenedWinSetupChildInit: Start child.
51252bc.b58: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
51352bc.b58: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 62 sleeps
51452bc.b58: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
51552bc.b58: *0000000000000000-000000000018ffff 0x0001/0x0000 0x0000000
51652bc.b58: *0000000000190000-00000000001affff 0x0004/0x0004 0x0020000
51752bc.b58: *00000000001b0000-00000000001c7fff 0x0002/0x0002 0x0040000
51852bc.b58: 00000000001c8000-00000000001cffff 0x0001/0x0000 0x0000000
51952bc.b58: *00000000001d0000-00000000001d3fff 0x0002/0x0002 0x0040000
52052bc.b58: 00000000001d4000-00000000001dffff 0x0001/0x0000 0x0000000
52152bc.b58: *00000000001e0000-00000000001e0fff 0x0004/0x0004 0x0020000
52252bc.b58: 00000000001e1000-00000000001fffff 0x0001/0x0000 0x0000000
52352bc.b58: *0000000000200000-0000000000245fff 0x0000/0x0004 0x0020000
52452bc.b58: 0000000000246000-0000000000248fff 0x0004/0x0004 0x0020000
52552bc.b58: 0000000000249000-00000000003fffff 0x0000/0x0004 0x0020000
52652bc.b58: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
52752bc.b58: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000
52852bc.b58: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000
52952bc.b58: 0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000
53052bc.b58: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
53152bc.b58: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
53252bc.b58: 000000007fff0000-00007ff75a32ffff 0x0001/0x0000 0x0000000
53352bc.b58: *00007ff75a330000-00007ff75a352fff 0x0002/0x0002 0x0040000
53452bc.b58: 00007ff75a353000-00007ff75a77ffff 0x0001/0x0000 0x0000000
53552bc.b58: *00007ff75a780000-00007ff75a780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
53652bc.b58: 00007ff75a781000-00007ff75a7f0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
53752bc.b58: 00007ff75a7f1000-00007ff75a7f1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
53852bc.b58: 00007ff75a7f2000-00007ff75a836fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
53952bc.b58: 00007ff75a837000-00007ff75a837fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54052bc.b58: 00007ff75a838000-00007ff75a838fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54152bc.b58: 00007ff75a839000-00007ff75a83dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54252bc.b58: 00007ff75a83e000-00007ff75a83efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54352bc.b58: 00007ff75a83f000-00007ff75a83ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54452bc.b58: 00007ff75a840000-00007ff75a843fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54552bc.b58: 00007ff75a844000-00007ff75a88bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54652bc.b58: 00007ff75a88c000-00007ff8a34effff 0x0001/0x0000 0x0000000
54752bc.b58: *00007ff8a34f0000-00007ff8a34f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
54852bc.b58: 00007ff8a34f1000-00007ff8a35fffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
54952bc.b58: 00007ff8a3600000-00007ff8a3644fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
55052bc.b58: 00007ff8a3645000-00007ff8a364cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
55152bc.b58: 00007ff8a364d000-00007ff8a365afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
55252bc.b58: 00007ff8a365b000-00007ff8a365bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
55352bc.b58: 00007ff8a365c000-00007ff8a365efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
55452bc.b58: 00007ff8a365f000-00007ff8a36cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
55552bc.b58: 00007ff8a36cb000-00007ffffffdffff 0x0001/0x0000 0x0000000
55652bc.b58: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
55752bc.b58: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
55852bc.b58: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
55952bc.b58: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
56052bc.b58: supR3HardNtChildPurify: Done after 587 ms and 0 fixes (loop #0).
5614b1c.4954: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
5624b1c.4954: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8a34f0000 g_uNtVerCombined=0xa03ad700
5634b1c.4954: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
5644b1c.4954: New simple heap: #1 0000000000600000 LB 0x400000 (for 1945600 allocation)
56552bc.b58: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000600000 LB 0x400000)
56652bc.b58: supR3HardNtEnableThreadCreation:
5674b1c.4954: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5684b1c.4954: System32: \Device\HarddiskVolume2\Windows\System32
5694b1c.4954: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
5704b1c.4954: KnownDllPath: C:\WINDOWS\System32
5714b1c.4954: supR3HardenedVmProcessInit: Opening vboxdrv...
5724b1c.4954: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5734b1c.4954: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5744b1c.4954: Registered Dll notification callback with NTDLL.
5754b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
5764b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
5774b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
5784b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a0240000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
5794b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
5804b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
5814b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a0ab0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
5824b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5834b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0ab0000 'C:\WINDOWS\System32\KERNEL32.DLL'
5844b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff75a780000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
5854b1c.4954: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5864b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5874b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5884b1c.4954: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8a3569ac0 pvNtTerminateThread=00007ff8a3595df0
58952bc.b58: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 124 ms.
5904b1c.4954: \SystemRoot\System32\ntdll.dll:
5914b1c.4954: CreationTime: 2017-06-30T17:08:39.227030600Z
5924b1c.4954: LastWriteTime: 2017-06-20T06:10:49.467134900Z
5934b1c.4954: ChangeTime: 2017-07-01T00:21:09.487023600Z
5944b1c.4954: FileAttributes: 0x20
5954b1c.4954: Size: 0x1d7450
5964b1c.4954: NT Headers: 0xe0
5974b1c.4954: Timestamp: 0xa329d3a8
5984b1c.4954: Machine: 0x8664 - amd64
5994b1c.4954: Timestamp: 0xa329d3a8
6004b1c.4954: Image Version: 10.0
6014b1c.4954: SizeOfImage: 0x1db000 (1945600)
6024b1c.4954: Resource Dir: 0x170000 LB 0x69398
6034b1c.4954: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6044b1c.4954: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
6054b1c.4954: ProductName: Microsoft® Windows® Operating System
6064b1c.4954: ProductVersion: 10.0.15063.447
6074b1c.4954: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
6084b1c.4954: FileDescription: NT Layer DLL
6094b1c.4954: \SystemRoot\System32\kernel32.dll:
6104b1c.4954: CreationTime: 2017-05-27T17:42:33.840454800Z
6114b1c.4954: LastWriteTime: 2017-05-27T17:42:33.840454800Z
6124b1c.4954: ChangeTime: 2017-06-30T18:46:29.854227100Z
6134b1c.4954: FileAttributes: 0x20
6144b1c.4954: Size: 0xad068
6154b1c.4954: NT Headers: 0xf8
6164b1c.4954: Timestamp: 0xf5fa43df
6174b1c.4954: Machine: 0x8664 - amd64
6184b1c.4954: Timestamp: 0xf5fa43df
6194b1c.4954: Image Version: 10.0
6204b1c.4954: SizeOfImage: 0xae000 (712704)
6214b1c.4954: Resource Dir: 0xac000 LB 0x520
6224b1c.4954: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6234b1c.4954: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
6244b1c.4954: ProductName: Microsoft® Windows® Operating System
6254b1c.4954: ProductVersion: 10.0.15063.296
6264b1c.4954: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
6274b1c.4954: FileDescription: Windows NT BASE API Client DLL
6284b1c.4954: \SystemRoot\System32\KernelBase.dll:
6294b1c.4954: CreationTime: 2017-06-30T17:08:24.893377500Z
6304b1c.4954: LastWriteTime: 2017-06-20T06:11:39.396564300Z
6314b1c.4954: ChangeTime: 2017-07-01T00:21:06.187546100Z
6324b1c.4954: FileAttributes: 0x20
6334b1c.4954: Size: 0x249df0
6344b1c.4954: NT Headers: 0x100
6354b1c.4954: Timestamp: 0x30ec82a7
6364b1c.4954: Machine: 0x8664 - amd64
6374b1c.4954: Timestamp: 0x30ec82a7
6384b1c.4954: Image Version: 10.0
6394b1c.4954: SizeOfImage: 0x249000 (2396160)
6404b1c.4954: Resource Dir: 0x22a000 LB 0x548
6414b1c.4954: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6424b1c.4954: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
6434b1c.4954: ProductName: Microsoft® Windows® Operating System
6444b1c.4954: ProductVersion: 10.0.15063.447
6454b1c.4954: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
6464b1c.4954: FileDescription: Windows NT BASE API Client DLL
6474b1c.4954: \SystemRoot\System32\apisetschema.dll:
6484b1c.4954: CreationTime: 2017-03-18T20:57:35.373527900Z
6494b1c.4954: LastWriteTime: 2017-03-18T20:57:35.373527900Z
6504b1c.4954: ChangeTime: 2017-05-27T17:24:19.355449800Z
6514b1c.4954: FileAttributes: 0x20
6524b1c.4954: Size: 0x1ada0
6534b1c.4954: NT Headers: 0xc0
6544b1c.4954: Timestamp: 0x76544b2
6554b1c.4954: Machine: 0x8664 - amd64
6564b1c.4954: Timestamp: 0x76544b2
6574b1c.4954: Image Version: 10.0
6584b1c.4954: SizeOfImage: 0x1b000 (110592)
6594b1c.4954: Resource Dir: 0x1a000 LB 0x408
6604b1c.4954: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6614b1c.4954: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
6624b1c.4954: ProductName: Microsoft® Windows® Operating System
6634b1c.4954: ProductVersion: 10.0.15063.0
6644b1c.4954: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
6654b1c.4954: FileDescription: ApiSet Schema DLL
6664b1c.4954: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6674b1c.4954: supR3HardenedWinFindAdversaries: 0x20
6684b1c.4954: \SystemRoot\System32\drivers\cfwids.sys:
6694b1c.4954: CreationTime: 2017-04-18T14:52:18.000000000Z
6704b1c.4954: LastWriteTime: 2017-05-02T16:07:48.000000000Z
6714b1c.4954: ChangeTime: 2017-06-22T01:29:21.639729500Z
6724b1c.4954: FileAttributes: 0x20
6734b1c.4954: Size: 0x12c18
6744b1c.4954: NT Headers: 0xe0
6754b1c.4954: Timestamp: 0x5902c8f4
6764b1c.4954: Machine: 0x8664 - amd64
6774b1c.4954: Timestamp: 0x5902c8f4
6784b1c.4954: Image Version: 0.0
6794b1c.4954: SizeOfImage: 0x14000 (81920)
6804b1c.4954: Resource Dir: 0x12000 LB 0x550
6814b1c.4954: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
6824b1c.4954: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)]
6834b1c.4954: ProductName: SYSCORE
6844b1c.4954: ProductVersion: 15.6.0.2180
6854b1c.4954: FileVersion: SYSCORE.15.6.0.2180
6864b1c.4954: PrivateBuild: SYSCORE.15.6.0.2180
6874b1c.4954: FileDescription: McAfee Personal Firewall IDS Plugin
6884b1c.4954: \SystemRoot\System32\drivers\mfeavfk.sys:
6894b1c.4954: CreationTime: 2017-04-18T14:52:18.000000000Z
6904b1c.4954: LastWriteTime: 2017-05-02T16:07:48.000000000Z
6914b1c.4954: ChangeTime: 2017-06-22T01:29:10.306578500Z
6924b1c.4954: FileAttributes: 0x20
6934b1c.4954: Size: 0x56610
6944b1c.4954: NT Headers: 0xf8
6954b1c.4954: Timestamp: 0x5902c88c
6964b1c.4954: Machine: 0x8664 - amd64
6974b1c.4954: Timestamp: 0x5902c88c
6984b1c.4954: Image Version: 0.0
6994b1c.4954: SizeOfImage: 0x57000 (356352)
7004b1c.4954: Resource Dir: 0x55000 LB 0x758
7014b1c.4954: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7024b1c.4954: [Raw version resource data: 0x55110 LB 0x334, codepage 0x0 (reserved 0x0)]
7034b1c.4954: ProductName: SYSCORE
7044b1c.4954: ProductVersion: 15.6.0.2180
7054b1c.4954: FileVersion: SYSCORE.15.6.0.2180
7064b1c.4954: PrivateBuild: SYSCORE.15.6.0.2180 F15,F16,F19
7074b1c.4954: FileDescription: Anti-Virus File System Filter Driver
7084b1c.4954: \SystemRoot\System32\drivers\mfefirek.sys:
7094b1c.4954: CreationTime: 2017-04-18T14:52:18.000000000Z
7104b1c.4954: LastWriteTime: 2017-05-02T16:07:48.000000000Z
7114b1c.4954: ChangeTime: 2017-06-22T01:29:20.976381300Z
7124b1c.4954: FileAttributes: 0x20
7134b1c.4954: Size: 0x7b210
7144b1c.4954: NT Headers: 0xe0
7154b1c.4954: Timestamp: 0x5902c8d1
7164b1c.4954: Machine: 0x8664 - amd64
7174b1c.4954: Timestamp: 0x5902c8d1
7184b1c.4954: Image Version: 0.0
7194b1c.4954: SizeOfImage: 0x7d000 (512000)
7204b1c.4954: Resource Dir: 0x79000 LB 0x388
7214b1c.4954: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7224b1c.4954: [Raw version resource data: 0x79060 LB 0x328, codepage 0x0 (reserved 0x0)]
7234b1c.4954: ProductName: SYSCORE
7244b1c.4954: ProductVersion: 15.6.0.2180
7254b1c.4954: FileVersion: SYSCORE.15.6.0.2180
7264b1c.4954: PrivateBuild: SYSCORE.15.6.0.2180 F17,F18
7274b1c.4954: FileDescription: McAfee Core Firewall Engine Driver
7284b1c.4954: \SystemRoot\System32\drivers\mfehidk.sys:
7294b1c.4954: CreationTime: 2017-04-18T14:52:18.000000000Z
7304b1c.4954: LastWriteTime: 2017-05-02T16:07:48.000000000Z
7314b1c.4954: ChangeTime: 2017-06-22T01:29:16.601713600Z
7324b1c.4954: FileAttributes: 0x20
7334b1c.4954: Size: 0xe0410
7344b1c.4954: NT Headers: 0xf8
7354b1c.4954: Timestamp: 0x5902c7ef
7364b1c.4954: Machine: 0x8664 - amd64
7374b1c.4954: Timestamp: 0x5902c7ef
7384b1c.4954: Image Version: 0.0
7394b1c.4954: SizeOfImage: 0xe9000 (954368)
7404b1c.4954: Resource Dir: 0xe5000 LB 0x758
7414b1c.4954: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7424b1c.4954: [Raw version resource data: 0xe5110 LB 0x320, codepage 0x0 (reserved 0x0)]
7434b1c.4954: ProductName: SYSCORE
7444b1c.4954: ProductVersion: 15.6.0.2180
7454b1c.4954: FileVersion: SYSCORE.15.6.0.2180
7464b1c.4954: PrivateBuild: SYSCORE.15.6.0.2180 F14,F15,F16,F18,F20
7474b1c.4954: FileDescription: McAfee Link Driver
7484b1c.4954: \SystemRoot\System32\drivers\mfencbdc.sys:
7494b1c.4954: CreationTime: 2017-04-07T07:42:02.000000000Z
7504b1c.4954: LastWriteTime: 2017-04-07T07:42:02.000000000Z
7514b1c.4954: ChangeTime: 2017-06-22T01:30:21.795119700Z
7524b1c.4954: FileAttributes: 0x20
7534b1c.4954: Size: 0x79010
7544b1c.4954: NT Headers: 0xe0
7554b1c.4954: Timestamp: 0x58de271a
7564b1c.4954: Machine: 0x8664 - amd64
7574b1c.4954: Timestamp: 0x58de271a
7584b1c.4954: Image Version: 0.0
7594b1c.4954: SizeOfImage: 0x7d000 (512000)
7604b1c.4954: Resource Dir: 0x7b000 LB 0x3d8
7614b1c.4954: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7624b1c.4954: [Raw version resource data: 0x7b060 LB 0x378, codepage 0x0 (reserved 0x0)]
7634b1c.4954: ProductName: Anti-Malware Core
7644b1c.4954: ProductVersion: 1.5.0
7654b1c.4954: FileVersion: Anti-Malware Core.1.5.0.2580.x64
7664b1c.4954: PrivateBuild: Anti-Malware Core.1.5.0.2580.x64
7674b1c.4954: FileDescription: Event Driver
7684b1c.4954: \SystemRoot\System32\drivers\mfewfpk.sys:
7694b1c.4954: CreationTime: 2017-04-18T14:52:18.000000000Z
7704b1c.4954: LastWriteTime: 2017-05-02T16:07:48.000000000Z
7714b1c.4954: ChangeTime: 2017-06-22T01:29:14.856178900Z
7724b1c.4954: FileAttributes: 0x20
7734b1c.4954: Size: 0x3da10
7744b1c.4954: NT Headers: 0x100
7754b1c.4954: Timestamp: 0x5902c80a
7764b1c.4954: Machine: 0x8664 - amd64
7774b1c.4954: Timestamp: 0x5902c80a
7784b1c.4954: Image Version: 0.0
7794b1c.4954: SizeOfImage: 0x59000 (364544)
7804b1c.4954: Resource Dir: 0x57000 LB 0x380
7814b1c.4954: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7824b1c.4954: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
7834b1c.4954: ProductName: SYSCORE
7844b1c.4954: ProductVersion: 15.6.0.2180
7854b1c.4954: FileVersion: SYSCORE.15.6.0.2180
7864b1c.4954: PrivateBuild: SYSCORE.15.6.0.2180 F17,F18
7874b1c.4954: FileDescription: Anti-Virus Mini-Firewall Driver
7884b1c.4954: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7894b1c.4954: Calling main()
7904b1c.4954: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7914b1c.4954: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7924b1c.4954: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7934b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7944b1c.4954: SUPR3HardenedMain: Final process, opening VBoxDrv...
7954b1c.4954: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000600000 LB 0x400000)
7964b1c.4954: supR3HardNtEnableThreadCreation:
7974b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
7984b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
7994b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8004b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8014b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89ca50000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
8024b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8034b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8044b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8054b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ca50000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8064b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8074b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8084b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ca50000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8094b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ca50000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8104b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8114b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
8124b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
8134b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
8144b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
8154b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
8164b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8174b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8184b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
8194b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8204b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8214b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8224b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
8234b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
8244b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
8254b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8264b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8274b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
8284b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
8294b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8304b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8314b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
8324b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
8334b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8344b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8354b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8364b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8374b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a1120000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
8384b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8394b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89f980000 LB 0x00011000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
8404b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8414b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89fa40000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
8424b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
8434b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
8444b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a0790000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
8454b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8464b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a0d30000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
8474b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8484b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a11c0000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
8494b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
8504b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
8514b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
8524b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a1070000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
8534b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8544b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
8554b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
8564b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
8574b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
8584b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a0960000 LB 0x00056000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
8594b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8604b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8614b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0240000 'api-ms-win-core-synch-l1-2-0'
8624b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8634b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0240000 'api-ms-win-core-fibers-l1-1-1'
8644b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8654b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0240000 'api-ms-win-core-fibers-l1-1-1'
8664b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8674b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0240000 'api-ms-win-core-synch-l1-2-0'
8684b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8694b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0240000 'api-ms-win-core-localization-l1-2-1'
8704b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\WINDOWS\system32\Wintrust.dll'
8714b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
8724b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
8734b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8744b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8754b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8764b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
8774b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
8784b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8794b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8804b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8814b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8824b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8834b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8844b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8854b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8864b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8874b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89f500000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
8884b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8894b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89f500000 'C:\WINDOWS\system32\bcrypt.dll'
8904b1c.4954: bcrypt.dll loaded at 00007ff89f500000, BCryptOpenAlgorithmProvider at 00007ff89f504aa0, preloading providers:
8914b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
8924b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
8934b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8944b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a09c0000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
8954b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8964b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a09c0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
8974b1c.4954: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000bef020)
8984b1c.4954: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000bef630)
8994b1c.4954: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000bf0110)
9004b1c.4954: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000bf03e0)
9014b1c.4954: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000bf06b0)
9024b1c.4954: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000bf0980)
9034b1c.4954: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000bf0c50)
9044b1c.4954: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000bf0f20)
9054b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9064b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9074b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
9084b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9094b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9104b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
9114b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9124b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9134b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
9144b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9154b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9164b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
9174b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9184b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9194b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
9204b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9214b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9224b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
9234b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9244b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9254b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
9264b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
9274b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
9284b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89f3f0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
9294b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9304b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
9314b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
9324b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9334b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
9344b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
9354b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9364b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9374b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9384b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89ee70000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
9394b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9404b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
9414b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
9424b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
9434b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
9444b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89f410000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
9454b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9464b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9474b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
9484b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
9494b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9504b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9514b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0ab0000 'C:\WINDOWS\System32\kernel32.dll'
9524b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9534b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
9544b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9554b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9564b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\CRYPT32.dll'
9574b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a1220000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
9584b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
9594b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
9604b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9614b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9624b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
9634b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9644b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
9654b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
9664b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
9674b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
9684b1c.4954: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll)
9694b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll
9704b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9714b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
9724b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
9734b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
9744b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89e580000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
9754b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9764b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89f940000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
9774b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
9784b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
9794b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9804b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
9814b1c.4954: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
9824b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
9834b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9844b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9854b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9864b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9874b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9884b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9894b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9904b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9914b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9924b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9934b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9944b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9954b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
9964b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
9974b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
9984b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
9994b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
10004b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
10014b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
10024b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
10034b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10044b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
10054b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
10064b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10074b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10084b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10094b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10104b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
10114b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
10124b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
10134b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
10144b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
10154b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
10164b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntasn1.dll)
10174b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntasn1.dll
10184b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
10194b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
10204b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10214b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10224b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10234b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff890520000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
10244b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10254b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10264b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
10274b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\WINDOWS\System32\cryptnet.dll'
10284b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10294b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
10304b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\WINDOWS\System32\cryptnet.dll'
10314b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10324b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
10334b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\WINDOWS\System32\cryptnet.dll'
10344b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10354b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
10364b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\WINDOWS\System32\cryptnet.dll'
10374b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10384b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
10394b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\WINDOWS\System32\cryptnet.dll'
10404b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10414b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
10424b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\WINDOWS\System32\cryptnet.dll'
10434b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10444b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\WINDOWS\System32\cryptnet.dll'
10454b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10464b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\WINDOWS\System32\cryptnet.dll'
10474b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10484b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\WINDOWS\System32\cryptnet.dll'
10494b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10504b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\WINDOWS\System32\cryptnet.dll'
10514b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10524b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\WINDOWS\System32\cryptnet.dll'
10534b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\WINDOWS\System32\cryptnet.dll'
10544b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10554b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\Windows\System32\cryptnet.dll'
10564b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10574b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10584b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
10594b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10604b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10614b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
10624b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
10634b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000c57090
10644b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
10654b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8B20614B43CC15BF412F46E920338E687B9EB4BD
10664b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10674b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10684b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0d30000 'C:\WINDOWS\System32\rpcrt4.dll'
10694b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10704b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
10714b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10724b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
10734b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10744b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
10754b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10764b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
10774b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10784b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
10794b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10804b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
10814b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10824b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10834b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
10844b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10854b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10864b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
10874b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10884b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10894b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
10904b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1097_for_KB4022716~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\SystemRoot\System32\ntdll.dll'
10914b1c.4954: g_pfnWinVerifyTrust=00007ff8a096d3e0
10924b1c.4954: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
10934b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10944b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10954b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
10964b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10974b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10984b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
10994b1c.4954: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
11004b1c.4954: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
11014b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11024b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11034b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11044b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11054b1c.4954: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
11064b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11074b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11084b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11094b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11104b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll'
11114b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11124b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11134b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11144b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
11154b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11164b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11174b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11184b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
11194b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
11204b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
11214b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
11224b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
11234b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11244b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11254b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11264b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
11274b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11284b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
11294b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11304b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11314b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11324b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
11334b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11344b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11354b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11364b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
11374b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f0 pwszName=\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll
11384b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
11394b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
11404b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FF31F66ACC1741364CE15D70DCEA891F87E6083
11414b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11424b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11434b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
11444b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11454b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11464b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Security-Ngc-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll'
11474b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11484b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll'
11494b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11504b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11514b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11524b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
11534b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11544b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11554b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11564b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11574b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
11584b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11594b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11604b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11614b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
11624b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11634b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11644b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
11654b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11664b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11674b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
11684b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11694b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11704b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
11714b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11724b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11734b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
11744b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11754b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11764b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
11774b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11784b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11794b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
11804b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11814b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11824b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
11834b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11844b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11854b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
11864b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11874b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11884b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
11894b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11904b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
11914b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11924b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
11934b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11944b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11954b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
11964b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
11974b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
11984b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
11994b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\system32\crypt32.dll'
12004b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
12014b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
12024b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
12034b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
12044b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
12054b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
12064b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
12074b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
12084b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
12094b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
12104b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
12114b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
12124b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
12134b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x760668e19592ff00 CN=ACEDICOM Root, OU=PKI, O=EDICOM, C=ES
12144b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
12154b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
12164b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
12174b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
12184b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
12194b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
12204b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
12214b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
12224b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
12234b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
12244b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
12254b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
12264b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
12274b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
12284b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
12294b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
12304b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
12314b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
12324b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
12334b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
12344b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
12354b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
12364b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
12374b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
12384b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
12394b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
12404b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
12414b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
12424b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
12434b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
12444b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
12454b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
12464b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
12474b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x665f55ebd06ce27b C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
12484b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
12494b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
12504b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
12514b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
12524b1c.4954: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
12534b1c.4954: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=53
12544b1c.4954: SUPR3HardenedMain: Load Runtime...
12554b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
12564b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12574b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
12584b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
12594b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
12604b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
12614b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12624b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12634b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12644b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12654b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12664b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12674b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
12684b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12694b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
12704b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
12714b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12724b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
12734b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
12744b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
12754b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12764b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12774b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12784b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12794b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12804b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12814b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
12824b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12834b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
12844b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12854b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12864b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12874b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12884b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12894b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12904b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
12914b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
12924b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
12934b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
12944b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
12954b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12964b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
12974b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12984b1c.4954: supR3HardenedDllNotificationCallback: load 000000005e230000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
12994b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
13004b1c.4954: supR3HardenedDllNotificationCallback: load 000000005e6b0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
13014b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13024b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a2ea0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
13034b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
13044b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff843b00000 LB 0x0053d000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
13054b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13064b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
13074b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
13084b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13094b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13104b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13114b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13124b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13134b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13144b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13154b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13164b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13174b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13184b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13194b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13204b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13214b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13224b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13234b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13244b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13254b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13264b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13274b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13284b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13294b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13304b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13314b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13324b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13334b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13344b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13354b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13364b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13374b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13384b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13394b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13404b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13414b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13424b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13434b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13444b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13454b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13464b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13474b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13484b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13494b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13504b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13514b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13524b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13534b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13544b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13554b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13564b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843b00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13574b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\WINDOWS\system32\Wintrust.dll'
13584b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
13594b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
13604b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
13614b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
13624b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\system32\crypt32.dll'
13634b1c.4954: SUPR3HardenedMain: Load TrustedMain...
13644b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
13654b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
13664b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
13674b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
13684b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13694b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13704b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
13714b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
13724b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
13734b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
13744b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
13754b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
13764b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
13774b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
13784b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
13794b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
13804b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
13814b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
13824b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13834b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13844b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
13854b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
13864b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
13874b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
13884b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
13894b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
13904b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13914b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13924b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13934b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13944b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
13954b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
13964b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
13974b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
13984b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13994b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
14004b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
14014b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14024b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14034b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
14044b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
14054b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
14064b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
14074b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
14084b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
14094b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
14104b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14114b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14124b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14134b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14144b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14154b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
14164b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
14174b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
14184b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
14194b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
14204b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
14214b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
14224b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
14234b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
14244b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
14254b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
14264b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
14274b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
14284b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14294b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14304b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
14314b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
14324b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
14334b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
14344b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
14354b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
14364b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
14374b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
14384b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14394b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14404b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
14414b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
14424b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
14434b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14444b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14454b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
14464b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
14474b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
14484b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
14494b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
14504b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14514b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14524b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
14534b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
14544b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
14554b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14564b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14574b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14584b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14594b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14604b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
14614b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
14624b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
14634b1c.4954: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
14644b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
14654b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
14664b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
14674b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
14684b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14694b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
14704b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
14714b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
14724b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
14734b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14744b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14754b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14764b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14774b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14784b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
14794b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14804b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14814b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14824b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14834b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14844b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14854b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14864b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14874b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
14884b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
14894b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
14904b1c.4954: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
14914b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
14924b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
14934b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
14944b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
14954b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
14964b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
14974b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
14984b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
14994b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
15004b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
15014b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
15024b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15034b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15044b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15054b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15064b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15074b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
15084b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15094b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
15104b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
15114b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
15124b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
15134b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
15144b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
15154b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
15164b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
15174b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15184b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15194b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15204b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
15214b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
15224b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
15234b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
15244b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15254b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
15264b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15274b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15284b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
15294b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15304b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
15314b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
15324b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
15334b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15344b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15354b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
15364b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
15374b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
15384b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15394b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15404b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
15414b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
15424b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15434b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15444b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15454b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15464b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15474b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15484b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15494b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15504b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
15514b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15524b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15534b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
15544b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15554b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15564b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
15574b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15584b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15594b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
15604b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15614b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15624b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15634b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15644b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15654b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15664b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15674b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15684b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15694b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15704b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15714b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
15724b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15734b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15744b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
15754b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15764b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15774b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15784b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15794b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15804b1c.4954: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
15814b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15824b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
15834b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15844b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15854b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
15864b1c.4954: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
15874b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
15884b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15894b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15904b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15914b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15924b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15934b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15944b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15954b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15964b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15974b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
15984b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
15994b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
16004b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
16014b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
16024b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
16034b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
16044b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
16054b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16064b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16074b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16084b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16094b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16104b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16114b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16124b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16134b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16144b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16154b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16164b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
16174b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
16184b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
16194b1c.4954: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
16204b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16214b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
16224b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
16234b1c.4954: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
16244b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
16254b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16264b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16274b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16284b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16294b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16304b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
16314b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16324b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16334b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16344b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16354b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16364b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
16374b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16384b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16394b1c.4954: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
16404b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16414b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16424b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
16434b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16444b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16454b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
16464b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
16474b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
16484b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
16494b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
16504b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
16514b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
16524b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
16534b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
16544b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
16554b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
16564b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16574b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16584b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
16594b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16604b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16614b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
16624b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
16634b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
16644b1c.4954: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
16654b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16664b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
16674b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
16684b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
16694b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
16704b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
16714b1c.4954: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
16724b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
16734b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
16744b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
16754b1c.4954: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
16764b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16774b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
16784b1c.4954: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
16794b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
16804b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16814b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16824b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
16834b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16844b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16854b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
16864b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16874b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16884b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
16894b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16904b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16914b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
16924b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16934b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16944b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16954b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
16964b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
16974b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
16984b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16994b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17004b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17014b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17024b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17034b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
17044b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
17054b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
17064b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
17074b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17084b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17094b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
17104b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
17114b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17124b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17134b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17144b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
17154b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
17164b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
17174b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17184b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
17194b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
17204b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
17214b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
17224b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17234b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17244b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17254b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17264b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17274b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17284b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17294b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17304b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17314b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17324b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17334b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17344b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17354b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17364b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17374b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17384b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17394b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17404b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17414b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
17424b1c.4954: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
17434b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17444b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17454b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
17464b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
17474b1c.4954: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
17484b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17494b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17504b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
17514b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
17524b1c.4954: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
17534b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17544b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17554b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
17564b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
17574b1c.4954: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
17584b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17594b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17604b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17614b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17624b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17634b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17644b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17654b1c.4954: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
17664b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000540 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
17674b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
17684b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
17694b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
17704b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
17714b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
17724b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
17734b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17744b1c.4954: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
17754b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
17764b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
17774b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17784b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17794b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17804b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
17814b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
17824b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
17834b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17844b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
17854b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
17864b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
17874b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
17884b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17894b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17904b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll)
17914b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll
17924b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
17934b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a0620000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
17944b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
17954b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a06f0000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
17964b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
17974b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a0490000 LB 0x00188000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
17984b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
17994b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
18004b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
18014b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
18024b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
18034b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
18044b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a3120000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
18054b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
18064b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a0f20000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
18074b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff88dcc0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
18084b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
18094b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff87fdb0000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
18104b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18114b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89f9f0000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
18124b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
18134b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18144b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a31d0000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
18154b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
18164b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a1280000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
18174b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18184b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
18194b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
18204b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
18214b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
18224b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a0b60000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
18234b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
18244b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89f960000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
18254b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
18264b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
18274b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
18284b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
18294b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89f9a0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
18304b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
18314b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
18324b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
18334b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89fb40000 LB 0x006f2000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
18344b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18354b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
18364b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
18374b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
18384b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
18394b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
18404b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a1a60000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
18414b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18424b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a14d0000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
18434b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18444b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff88de80000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
18454b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
18464b1c.4954: supR3HardenedDllNotificationCallback: load 000000005c4e0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
18474b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18484b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff842c10000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
18494b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18504b1c.4954: supR3HardenedDllNotificationCallback: load 000000005d780000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
18514b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
18524b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff892b20000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
18534b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
18544b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8834c0000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\COMCTL32.dll [fFlags=0x0]
18554b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll [avoiding WinVerifyTrust]
18564b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a2f10000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
18574b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
18584b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff878280000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
18594b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
18604b1c.4954: supR3HardenedDllNotificationCallback: load 000000005eea0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
18614b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
18624b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a0e60000 LB 0x000c0000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
18634b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18644b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8966c0000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
18654b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
18664b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8966f0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
18674b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18684b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff843210000 LB 0x008ea000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
18694b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
18704b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
18714b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
18724b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
18734b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
18744b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
18754b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
18764b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
18774b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
18784b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
18794b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
18804b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
18814b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
18824b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll'.
18834b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll' [rescheduled]
18844b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
18854b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
18864b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
18874b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
18884b1c.4954: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
18894b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
18904b1c.4954: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
18914b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
18924b1c.4954: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
18934b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
18944b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
18954b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
18964b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
18974b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
18984b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
18994b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
19004b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
19014b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
19024b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
19034b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
19044b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19054b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
19064b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
19074b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
19084b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19094b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19104b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
19114b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
19124b1c.4954: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
19134b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19144b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19154b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19164b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19174b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19184b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19194b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19204b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19214b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19224b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19234b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19244b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19254b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
19264b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
19274b1c.4954: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
19284b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19294b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19304b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19314b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19324b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19334b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19344b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
19354b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
19364b1c.4954: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
19374b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19384b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19394b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19404b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19414b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
19424b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
19434b1c.4954: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
19444b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
19454b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
19464b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
19474b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19484b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19494b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19504b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19514b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
19524b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
19534b1c.4954: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
19544b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19554b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19564b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19574b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19584b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0ab0000 'C:\WINDOWS\System32\kernel32.dll'
19594b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19604b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0240000 'api-ms-win-core-string-l1-1-0'
19614b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19624b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0240000 'api-ms-win-core-datetime-l1-1-1'
19634b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19644b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0240000 'api-ms-win-core-localization-obsolete-l1-2-0'
19654b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
19664b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
19674b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
19684b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
19694b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
19704b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19714b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19724b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
19734b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
19744b1c.4954: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
19754b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19764b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19774b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19784b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a1250000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
19794b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
19804b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1250000 'C:\WINDOWS\system32\IMM32.DLL'
19814b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
19824b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
19834b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
19844b1c.4954: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
19854b1c.4954: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
19864b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19874b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1250000 'C:\WINDOWS\System32\imm32.dll'
19884b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19894b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19904b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1070000 'C:\WINDOWS\System32\ADVAPI32.DLL'
19914b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff843210000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
19924b1c.4954: SUPR3HardenedMain: Calling TrustedMain (00007ff843211610)...
19934b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
19944b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
19954b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
19964b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
19974b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
19984b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
19994b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
20004b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
20014b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
20024b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
20034b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
20044b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
20054b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
20064b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20074b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20084b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20094b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20104b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20114b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20124b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20134b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20144b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20154b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20164b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20174b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
20184b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20194b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20204b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20214b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20224b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20234b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20244b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
20254b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
20264b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
20274b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
20284b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
20294b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
20304b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
20314b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
20324b1c.4954: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
20334b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20344b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20354b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
20364b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20374b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20384b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20394b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20404b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20414b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
20424b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
20434b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
20444b1c.4954: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
20454b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20464b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20474b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff84d610000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
20484b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20494b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84d610000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
20504b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20514b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
20524b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
20534b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
20544b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
20554b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
20564b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
20574b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20584b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20594b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
20604b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
20614b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
20624b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20634b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20644b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20654b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20664b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20674b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20684b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20694b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
20704b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20714b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20724b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89def0000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
20734b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20744b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89def0000 'C:\WINDOWS\system32\uxtheme.dll'
20754b1c.4954: \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll: Owner is administrators group.
20764b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
20774b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
20784b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comctl32.dll'.
20794b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20804b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
20814b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
20824b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
20834b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll) WinVerifyTrust
20844b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
20854b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20864b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20874b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20884b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20894b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20904b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20914b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20924b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20934b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20944b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20954b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
20964b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
20974b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comctl32.dll [redoing WinVerifyTrust]
20984b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
20994b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
21004b1c.4954: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
21014b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
21024b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
21034b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
21044b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
21054b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21064b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
21074b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
21084b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21094b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21104b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21114b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
21124b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
21134b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff892e10000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
21144b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
21154b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff87f3e0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
21164b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
21174b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87f3e0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
21184b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
21194b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21204b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1070000 'C:\WINDOWS\system32\advapi32.dll'
21214b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0f20000 'C:\WINDOWS\system32\user32.dll'
21224b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21234b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21244b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1a60000 'C:\WINDOWS\system32\shell32.dll'
21254b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
21264b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
21274b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
21284b1c.4954: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
21294b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21304b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1280000 'C:\WINDOWS\system32\SHCore.dll'
21314b1c.4954: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
21324b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21334b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
21344b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21354b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
21364b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
21374b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
21384b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
21394b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
21404b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89c8a0000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
21414b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
21424b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21434b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21444b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
21454b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21464b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21474b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21484b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21494b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
21504b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21514b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21524b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
21534b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
21544b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
21554b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21564b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21574b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\system32\winmm.dll'
21584b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21594b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21604b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\system32\winmm.dll'
21614b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21624b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21634b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1a60000 'C:\WINDOWS\system32\shell32.dll'
21644b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21654b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21664b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89def0000 'C:\WINDOWS\system32\uxtheme.dll'
21674b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1070000 'C:\WINDOWS\system32\advapi32.dll'
21684b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
21694b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
21704b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
21714b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
21724b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
21734b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
21744b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
21754b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
21764b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
21774b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21784b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21794b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
21804b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21814b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
21824b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89f870000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
21834b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
21844b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89f870000 'C:\WINDOWS\system32\userenv.dll'
21854b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
21864b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21874b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0ab0000 'C:\WINDOWS\System32\kernel32.dll'
21884b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a3020000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
21894b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21904b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
21914b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
21924b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
21934b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21944b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21954b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21964b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21974b1c.2bf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
21984b1c.2bf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
21994b1c.2bf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
22004b1c.2bf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
22014b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22024b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22034b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22044b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
22054b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
22064b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
22074b1c.2bf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
22084b1c.2bf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
22094b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22104b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22114b1c.2bf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22124b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22134b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22144b1c.2bf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22154b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22164b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22174b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22184b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22194b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22204b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22214b1c.2bf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22224b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22234b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22244b1c.2bf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22254b1c.2bf4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
22264b1c.2bf4: supR3HardenedDllNotificationCallback: load 00007ff842070000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
22274b1c.2bf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
22284b1c.2bf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff842070000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
22294b1c.2bf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
22304b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22314b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22324b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
22334b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
22344b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
22354b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
22364b1c.2bf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
22374b1c.2bf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
22384b1c.2bf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22394b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22404b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22414b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22424b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22434b1c.2bf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22444b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22454b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22464b1c.2bf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22474b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22484b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22494b1c.2bf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
22504b1c.2bf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
22514b1c.2bf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
22524b1c.2bf4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
22534b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22544b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22554b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22564b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22574b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22584b1c.2bf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22594b1c.2bf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22604b1c.2bf4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22614b1c.2bf4: supR3HardenedDllNotificationCallback: load 00007ff874c80000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
22624b1c.2bf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22634b1c.2bf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff874c80000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
22644b1c.2bf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22654b1c.2bf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22664b1c.2bf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0e60000 'C:\Windows\System32\oleaut32.dll'
22674b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a3120000 'C:\WINDOWS\system32\gdi32.dll'
22684b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1a60000 'C:\WINDOWS\system32\shell32.dll'
22694b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8a0bc0000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
22704b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22714b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
22724b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
22734b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
22744b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
22754b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
22764b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
22774b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
22784b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
22794b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
22804b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
22814b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22824b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22834b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22844b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22854b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22864b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22874b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22884b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22894b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22904b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22914b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
22924b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
22934b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
22944b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009e8 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
22954b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
22964b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
22974b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
22984b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
22994b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
23004b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
23014b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23024b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23034b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
23044b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
23054b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
23064b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
23074b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
23084b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
23094b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
23104b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
23114b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
23124b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
23134b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
23144b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
23154b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
23164b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
23174b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
23184b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
23194b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23204b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23214b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23224b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23234b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
23244b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
23254b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
23264b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23274b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
23284b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
23294b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
23304b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
23314b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23324b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23334b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
23344b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23354b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23364b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
23374b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
23384b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
23394b1c.4954: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
23404b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23414b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
23424b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
23434b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
23444b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23454b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23464b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23474b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23484b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
23494b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23504b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23514b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
23524b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
23534b1c.4954: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
23544b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
23554b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
23564b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
23574b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23584b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23594b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23604b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
23614b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
23624b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
23634b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
23644b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89e600000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
23654b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
23664b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89cbc0000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
23674b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
23684b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89d890000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
23694b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
23704b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8828d0000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
23714b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
23724b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8828d0000 'C:\WINDOWS\system32\dataexchange.dll'
23734b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
23744b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
23754b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
23764b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23774b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
23784b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
23794b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
23804b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
23814b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
23824b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89e160000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
23834b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
23844b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23854b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
23864b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
23874b1c.4954: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
23884b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
23894b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23904b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
23914b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
23924b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
23934b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
23944b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23954b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
23964b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
23974b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
23984b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
23994b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
24004b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
24014b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
24024b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
24034b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
24044b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
24054b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24064b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
24074b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\usermgrcli.dll)
24084b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usermgrcli.dll
24094b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89eca0000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
24104b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
24114b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89cad0000 LB 0x000e3000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
24124b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
24134b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89bf80000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
24144b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
24154b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89c5c0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0]
24164b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\usermgrcli.dll [avoiding WinVerifyTrust]
24174b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff89b600000 LB 0x002d2000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
24184b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
24194b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff895cf0000 LB 0x00082000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
24204b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
24214b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24224b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24234b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24244b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24254b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
24264b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
24274b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
24284b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24294b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24304b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
24314b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
24324b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
24334b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24344b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24354b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24364b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24374b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
24384b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
24394b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
24404b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
24414b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
24424b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
24434b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24444b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24454b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
24464b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
24474b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
24484b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
24494b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
24504b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
24514b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24524b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24534b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
24544b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
24554b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
24564b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
24574b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
24584b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
24594b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24604b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24614b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24624b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24634b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
24644b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
24654b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usermgrcli.dll'
24664b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
24674b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
24684b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
24694b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
24704b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
24714b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
24724b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
24734b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
24744b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
24754b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
24764b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
24774b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
24784b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a90 pwszName=\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
24794b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
24804b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
24814b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D9F6A1B151CF57E6DCA07996124AC68D7674C81
24824b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
24834b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
24844b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-InputService-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
24854b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24864b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
24874b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
24884b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
24894b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24904b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
24914b1c.4954: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
24924b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24934b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24944b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0e60000 'C:\WINDOWS\System32\OLEAUT32.DLL'
24954b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24964b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0f20000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
24974b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24984b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0f20000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
24994b1c.4954: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
25004b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\secruntime.dll (Input=secruntime.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25014b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\secruntime.dll'
25024b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25034b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a31d0000 'api-ms-win-core-com-l1-1-1.dll'
25044b1c.4954: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
25054b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\secruntime.dll (Input=secruntime.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25064b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\secruntime.dll'
25074b1c.4954: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
25084b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\secruntime.dll (Input=secruntime.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25094b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\secruntime.dll'
25104b1c.4954: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
25114b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\secruntime.dll (Input=secruntime.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25124b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\secruntime.dll'
25134b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
25144b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25154b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0bc0000 'C:\WINDOWS\System32\MSCTF.dll'
25164b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
25174b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25184b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0ab0000 'C:\WINDOWS\system32\kernel32.dll'
25194b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
25204b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25214b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89c8a0000 'C:\WINDOWS\system32\dwmapi.dll'
25224b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0f20000 'C:\WINDOWS\system32\user32.dll'
25234b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25244b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25254b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89def0000 'C:\WINDOWS\system32\uxtheme.dll'
25264b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1a60000 'C:\WINDOWS\system32\shell32.dll'
25274b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1a60000 'C:\WINDOWS\system32\shell32.dll'
25284b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
25294b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25304b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a14d0000 'C:\WINDOWS\System32\ole32.dll'
25314b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
25324b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25334b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0e60000 'C:\WINDOWS\System32\OLEAUT32.dll'
25344b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b78 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
25354b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
25364b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
25374b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
25384b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
25394b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
25404b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
25414b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25424b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25434b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
25444b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
25454b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
25464b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
25474b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25484b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25494b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25504b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
25514b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
25524b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
25534b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
25544b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
25554b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
25564b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25574b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25584b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
25594b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
25604b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
25614b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25624b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25634b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25644b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25654b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25664b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25674b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25684b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25694b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25704b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
25714b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
25724b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
25734b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25744b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25754b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25764b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
25774b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25784b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff896b60000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
25794b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25804b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff896bf0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
25814b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
25824b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25834b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0240000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
25844b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff896bf0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
25854b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
25864b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
25874b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
25884b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
25894b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
25904b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
25914b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
25924b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25934b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25944b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
25954b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
25964b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
25974b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25984b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25994b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26004b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26014b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
26024b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26034b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
26044b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff8956a0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
26054b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
26064b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8956a0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
26074b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26084b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0240000 'api-ms-win-core-localization-l1-2-0.dll'
26094b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26104b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0240000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
26114b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b94 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
26124b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
26134b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
26144b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
26154b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
26164b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
26174b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
26184b1c.4954: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26194b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26204b1c.4954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
26214b1c.4954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
26224b1c.4954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
26234b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
26244b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
26254b1c.4954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
26264b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26274b1c.4954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26284b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26294b1c.4954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
26304b1c.4954: supR3HardenedDllNotificationCallback: load 00007ff895740000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
26314b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
26324b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895740000 'C:\WINDOWS\system32\wbem\fastprox.dll'
26334b1c.43e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
26344b1c.43e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26354b1c.43e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
26364b1c.43e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26374b1c.43e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
26384b1c.43e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26394b1c.43e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26404b1c.43e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26414b1c.43e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
26424b1c.43e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
26434b1c.43e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
26444b1c.43e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
26454b1c.43e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26464b1c.43e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
26474b1c.43e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
26484b1c.43e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
26494b1c.43e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26504b1c.43e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26514b1c.43e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26524b1c.43e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26534b1c.43e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26544b1c.43e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26554b1c.43e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26564b1c.43e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26574b1c.43e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26584b1c.43e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26594b1c.43e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26604b1c.43e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
26614b1c.43e0: supR3HardenedDllNotificationCallback: load 000000005d670000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
26624b1c.43e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
26634b1c.43e0: supR3HardenedDllNotificationCallback: load 00007ff846320000 LB 0x002b5000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
26644b1c.43e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26654b1c.43e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff846320000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
26664b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
26674b1c.2b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
26684b1c.2b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26694b1c.2b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26704b1c.2b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26714b1c.2b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
26724b1c.2b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
26734b1c.2b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
26744b1c.2b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26754b1c.2b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26764b1c.2b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26774b1c.2b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26784b1c.2b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26794b1c.2b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26804b1c.2b24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26814b1c.2b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26824b1c.2b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26834b1c.2b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26844b1c.2b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
26854b1c.2b24: supR3HardenedDllNotificationCallback: load 00007ff89a500000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
26864b1c.2b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
26874b1c.2b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89a500000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
26884b1c.2b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0f20000 'C:\WINDOWS\system32\User32.dll'
26894b1c.45e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
26904b1c.45e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26914b1c.45e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26924b1c.45e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26934b1c.45e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
26944b1c.45e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
26954b1c.45e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26964b1c.45e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26974b1c.45e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26984b1c.45e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26994b1c.45e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
27004b1c.45e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27014b1c.45e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27024b1c.45e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27034b1c.45e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27044b1c.45e4: supR3HardenedDllNotificationCallback: load 00007ff8991f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
27054b1c.45e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27064b1c.45e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8991f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
27074b1c.525c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
27084b1c.525c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27094b1c.525c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27104b1c.525c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27114b1c.525c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
27124b1c.525c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
27134b1c.525c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27144b1c.525c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27154b1c.525c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27164b1c.525c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27174b1c.525c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27184b1c.525c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27194b1c.525c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27204b1c.525c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
27214b1c.525c: supR3HardenedDllNotificationCallback: load 00007ff8991e0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
27224b1c.525c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
27234b1c.525c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8991e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
27244b1c.39b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
27254b1c.39b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27264b1c.39b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27274b1c.39b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27284b1c.39b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
27294b1c.39b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
27304b1c.39b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27314b1c.39b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27324b1c.39b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27334b1c.39b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27344b1c.39b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27354b1c.39b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27364b1c.39b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
27374b1c.39b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27384b1c.39b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
27394b1c.39b4: supR3HardenedDllNotificationCallback: load 00007ff899040000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
27404b1c.39b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
27414b1c.39b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff899040000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
27424b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1a60000 'C:\WINDOWS\system32\Shell32.dll'
27434b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
27444b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
27454b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
27464b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27474b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27484b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27494b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
27504b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
27514b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
27524b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
27534b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
27544b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
27554b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
27564b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
27574b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
27584b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
27594b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
27604b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
27614b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
27624b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
27634b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27644b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27654b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27664b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27674b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27684b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
27694b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27704b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27714b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
27724b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
27734b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27744b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
27754b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
27764b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
27774b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27784b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27794b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27804b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
27814b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
27824b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
27834b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
27844b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
27854b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27864b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27874b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27884b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27894b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
27904b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27914b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27924b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
27934b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27944b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
27954b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
27964b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27974b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27984b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27994b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28004b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
28014b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28024b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28034b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28044b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
28054b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
28064b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
28074b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28084b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28094b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28104b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28114b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28124b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28134b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28144b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28154b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28164b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28174b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28184b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28194b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
28204b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28214b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28224b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28234b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28244b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28254b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28264b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28274b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
28284b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28294b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28304b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28314b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff8a1620000 LB 0x0043b000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
28324b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
28334b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff8663b0000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
28344b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28354b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff863660000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
28364b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28374b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff89eff0000 LB 0x00037000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
28384b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28394b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff841610000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
28404b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
28414b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841610000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
28424b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
28434b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
28444b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28454b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff842070000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
28464b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
28474b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28484b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28494b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff863660000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
28504b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
28514b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
28524b1c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
28534b1c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28544b1c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28554b1c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28564b1c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
28574b1c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28584b1c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28594b1c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28604b1c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28614b1c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28624b1c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28634b1c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28644b1c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28654b1c.254: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28664b1c.254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28674b1c.254: supR3HardenedDllNotificationCallback: load 00007ff896a40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
28684b1c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28694b1c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff896a40000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
28704b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28714b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28724b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89eff0000 'C:\WINDOWS\system32\Iphlpapi.dll'
28734b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
28744b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
28754b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
28764b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
28774b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff8a1240000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
28784b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
28794b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
28804b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff897120000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
28814b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
28824b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
28834b1c.1664: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
28844b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
28854b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff897100000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
28864b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
28874b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
28884b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
28894b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
28904b1c.1664: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
28914b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
28924b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff8970e0000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
28934b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
28944b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cc4 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
28954b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
28964b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
28974b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD77C0B8420B1E0725E0BAACB8F1F2821C7C9053
28984b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
28994b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
29004b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
29014b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29024b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29034b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
29044b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29054b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29064b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29074b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29084b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
29094b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
29104b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
29114b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29124b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29134b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
29144b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
29154b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
29164b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29174b1c.1664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
29184b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e10 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
29194b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
29204b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
29214b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0462C999B5398941A444B13399F1AFCF2D9BD7ED
29224b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
29234b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
29244b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
29254b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29264b1c.1664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
29274b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
29284b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
29294b1c.1664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
29304b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
29314b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
29324b1c.1664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
29334b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f5c pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
29344b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
29354b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
29364b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAF92974128C211D90A77B3D2A8F3BAD364910A5
29374b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
29384b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
29394b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
29404b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29414b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29424b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'winmm.dll'.
29434b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
29444b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
29454b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29464b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29474b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29484b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29494b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29504b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29514b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29524b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff89a510000 LB 0x0008c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
29534b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29544b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29554b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29564b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89a510000 'C:\WINDOWS\System32\dsound.dll'
29574b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89a510000 'C:\WINDOWS\System32\dsound.dll'
29584b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29594b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29604b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89a510000 'C:\WINDOWS\system32\dsound.dll'
29614b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
29624b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
29634b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29644b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
29654b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'.
29664b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
29674b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
29684b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29694b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
29704b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
29714b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
29724b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
29734b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29744b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
29754b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
29764b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
29774b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
29784b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
29794b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
29804b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29814b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29824b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29834b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29844b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29854b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29864b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
29874b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
29884b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'.
29894b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
29904b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
29914b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29924b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29934b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29944b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29954b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
29964b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
29974b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
29984b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
29994b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
30004b1c.1664: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
30014b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30024b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30034b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
30044b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
30054b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff89e2d0000 LB 0x00028000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
30064b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
30074b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff896e20000 LB 0x00196000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
30084b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
30094b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff896fc0000 LB 0x00067000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
30104b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30114b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff896fc0000 'C:\WINDOWS\System32\MMDevApi.dll'
30124b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30134b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30144b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff896fc0000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
30154b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30164b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30174b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\System32\winmm.dll'
30184b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fac pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30194b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
30204b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
30214b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70FC7883505DC83E14C72C8984C7562A04A6C6F0
30224b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
30234b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
30244b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_924_for_KB4022716~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
30254b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30264b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30274b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
30284b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'ksuser.dll'.
30294b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'avrt.dll'.
30304b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
30314b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30324b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
30334b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
30344b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
30354b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
30364b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
30374b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
30384b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
30394b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
30404b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
30414b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
30424b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30434b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
30444b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30454b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
30464b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
30474b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30484b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30494b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30504b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30514b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30524b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30534b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30544b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30554b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
30564b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff89a070000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
30574b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30584b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff89bcf0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
30594b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
30604b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff87ae60000 LB 0x00041000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
30614b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30624b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87ae60000 'C:\WINDOWS\System32\wdmaud.drv'
30634b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30644b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30654b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87ae60000 'C:\WINDOWS\System32\wdmaud.drv'
30664b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30674b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30684b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87ae60000 'C:\WINDOWS\System32\wdmaud.drv'
30694b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30704b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30714b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87ae60000 'C:\WINDOWS\System32\wdmaud.drv'
30724b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30734b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30744b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87ae60000 'C:\WINDOWS\System32\wdmaud.drv'
30754b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
30764b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
30774b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
30784b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
30794b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
30804b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'mmdevapi.dll'.
30814b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'avrt.dll'.
30824b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
30834b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
30844b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
30854b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
30864b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
30874b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
30884b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
30894b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30904b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30914b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30924b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30934b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30944b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
30954b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
30964b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
30974b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30984b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
30994b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff892830000 LB 0x00105000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
31004b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31014b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff892830000 'C:\WINDOWS\System32\AUDIOSES.DLL'
31024b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31034b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31044b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87ae60000 'C:\WINDOWS\System32\wdmaud.drv'
31054b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31064b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31074b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87ae60000 'C:\WINDOWS\System32\wdmaud.drv'
31084b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87ae60000 'C:\WINDOWS\System32\wdmaud.drv'
31094b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e2c pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
31104b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
31114b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
31124b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=244FFD3779BB26E481FDDE1BCB7D66CB70669BE2
31134b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
31144b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
31154b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
31164b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31174b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31184b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'mmdevapi.dll'.
31194b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
31204b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmmbase.dll'.
31214b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
31224b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31234b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
31244b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
31254b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
31264b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
31274b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
31284b1c.1664: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
31294b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
31304b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
31314b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
31324b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
31334b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31344b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
31354b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
31364b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31374b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31384b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31394b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31404b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31414b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31424b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31434b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31444b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31454b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
31464b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff89a730000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
31474b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
31484b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff89b200000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
31494b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31504b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b200000 'C:\WINDOWS\System32\msacm32.drv'
31514b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31524b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31534b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b200000 'C:\WINDOWS\System32\msacm32.drv'
31544b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31554b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31564b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b200000 'C:\WINDOWS\System32\msacm32.drv'
31574b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31584b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31594b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b200000 'C:\WINDOWS\System32\msacm32.drv'
31604b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31614b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31624b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b200000 'C:\WINDOWS\System32\msacm32.drv'
31634b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31644b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31654b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b200000 'C:\WINDOWS\System32\msacm32.drv'
31664b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
31674b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31684b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b200000 'C:\WINDOWS\System32\msacm32.drv'
31694b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b200000 'C:\WINDOWS\System32\msacm32.drv'
31704b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b200000 'C:\WINDOWS\System32\msacm32.drv'
31714b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b200000 'C:\WINDOWS\System32\msacm32.drv'
31724b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001058 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
31734b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
31744b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
31754b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B59112F98815E2A8A155F681ED15AB1991951589
31764b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
31774b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
31784b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
31794b1c.1664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31804b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31814b1c.1664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
31824b1c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
31834b1c.1664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
31844b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31854b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31864b1c.1664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
31874b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31884b1c.1664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31894b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31904b1c.1664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
31914b1c.1664: supR3HardenedDllNotificationCallback: load 00007ff899810000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
31924b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
31934b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff899810000 'C:\WINDOWS\System32\midimap.dll'
31944b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
31954b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31964b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff899810000 'C:\WINDOWS\System32\midimap.dll'
31974b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
31984b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31994b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff899810000 'C:\WINDOWS\System32\midimap.dll'
32004b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32014b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32024b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff899810000 'C:\WINDOWS\System32\midimap.dll'
32034b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\System32\winmm.dll'
32044b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\System32\winmm.dll'
32054b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\System32\winmm.dll'
32064b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\System32\winmm.dll'
32074b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\System32\winmm.dll'
32084b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\System32\winmm.dll'
32094b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
32104b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32114b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89a510000 'C:\WINDOWS\system32\dsound.dll'
32124b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\System32\winmm.dll'
32134b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
32144b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32154b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\System32\winmm.dll'
32164b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\System32\winmm.dll'
32174b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\System32\winmm.dll'
32184b1c.1664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
32194b1c.1664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32204b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89a510000 'C:\WINDOWS\system32\dsound.dll'
32214b1c.1664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8966f0000 'C:\WINDOWS\System32\winmm.dll'
32224b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
32234b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
32244b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89c8a0000 'C:\WINDOWS\system32\dwmapi.dll'
32254b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1a60000 'C:\WINDOWS\system32\shell32.dll'
32264b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1a60000 'C:\WINDOWS\system32\shell32.dll'
32274b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1a60000 'C:\WINDOWS\system32\shell32.dll'
32284b1c.4954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
32294b1c.4954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32304b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1a60000 'C:\WINDOWS\system32\shell32.dll'
32314b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1a60000 'C:\WINDOWS\system32\shell32.dll'
32324b1c.4954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1a60000 'C:\WINDOWS\system32\shell32.dll'
32334b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
32344b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0960000 'C:\Windows\System32\WINTRUST.DLL'
32354b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\CRYPT32.dll'
32364b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
32374b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890520000 'C:\Windows\System32\cryptnet.dll'
32384b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32394b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
32404b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'combase.dll'.
32414b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\OneCoreUAPCommonProxyStub.dll) WinVerifyTrust
32424b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\OneCoreUAPCommonProxyStub.dll
32434b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
32444b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
32454b1c.fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
32464b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32474b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32484b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32494b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32504b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OneCoreUAPCommonProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
32514b1c.fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\OneCoreUAPCommonProxyStub.dll
32524b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff898a20000 LB 0x00531000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [fFlags=0x0]
32534b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\OneCoreUAPCommonProxyStub.dll
32544b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff898a20000 'C:\Windows\System32\OneCoreUAPCommonProxyStub.dll'
32554b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32564b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'iertutil.dll'.
32574b1c.fb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\urlmon.dll)
32584b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\urlmon.dll
32594b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32604b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\iertutil.dll)
32614b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\iertutil.dll
32624b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff88b320000 LB 0x0028a000 C:\WINDOWS\SYSTEM32\iertutil.dll [fFlags=0x0]
32634b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
32644b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff88b050000 LB 0x001c8000 C:\WINDOWS\SYSTEM32\urlmon.dll [fFlags=0x0]
32654b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\urlmon.dll [avoiding WinVerifyTrust]
32664b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32674b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32684b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
32694b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume2\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
32704b1c.fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll [lacks WinVerifyTrust]
32714b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32724b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32734b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
32744b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
32754b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\iertutil.dll'
32764b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001278 pwszName=\Device\HarddiskVolume2\Windows\System32\urlmon.dll
32774b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
32784b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
32794b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=58AFEE9378216E35EDF607A68102219F2182126C
32804b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
32814b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
32824b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1212_for_KB4022716~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\urlmon.dll'
32834b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32844b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\urlmon.dll'
32854b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0f20000 'C:\WINDOWS\System32\user32.dll'
32864b1c.3054: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011a8 pwszName=\Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
32874b1c.3054: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
32884b1c.3054: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
32894b1c.3054: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=10A33EB8E383018F3802E998686D401E15235D4D
32904b1c.3054: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
32914b1c.3054: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
32924b1c.3054: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll'
32934b1c.3054: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32944b1c.3054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32954b1c.3054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
32964b1c.3054: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll) WinVerifyTrust
32974b1c.3054: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
32984b1c.3054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32994b1c.3054: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33004b1c.3054: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
33014b1c.3054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33024b1c.3054: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33034b1c.3054: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
33044b1c.3054: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
33054b1c.3054: supR3HardenedDllNotificationCallback: load 00007ff892bc0000 LB 0x0001a000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll [fFlags=0x0]
33064b1c.3054: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
33074b1c.3054: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff892bc0000 'C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll'
33084b1c.3054: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
33094b1c.3054: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WinTypes.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
33104b1c.3054: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89bf80000 'C:\Windows\System32\WinTypes.dll'
33114b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'.
33124b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
33134b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
33144b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'gdi32.dll'.
33154b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'user32.dll'.
33164b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
33174b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
33184b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'shell32.dll'.
33194b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'iertutil.dll'.
33204b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
33214b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'netapi32.dll'.
33224b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'version.dll'.
33234b1c.fb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ieframe.dll)
33244b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
33254b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000130c pwszName=\Device\HarddiskVolume2\Windows\System32\ieframe.dll
33264b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
33274b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
33284b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1B364D6DDEF3291AFC9356CD8C470B001CF42F36
33294b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
33304b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
33314b1c.fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
33324b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
33334b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
33344b1c.fb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\netapi32.dll'.
33354b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33364b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netapi32.dll)
33374b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netapi32.dll
33384b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33394b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33404b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
33414b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume2\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
33424b1c.fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll
33434b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
33444b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
33454b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
33464b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
33474b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
33484b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
33494b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33504b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33514b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
33524b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
33534b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33544b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33554b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33564b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33574b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
33584b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
33594b1c.fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
33604b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33614b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33624b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
33634b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
33644b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1755_for_KB4022716~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ieframe.dll'
33654b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33664b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ieframe.dll'
33674b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
33684b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
33694b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\netapi32.dll'
33704b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ieframe.dll
33714b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ieframe.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
33724b1c.fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ieframe.dll
33734b1c.fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll
33744b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp110_win.dll'.
33754b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
33764b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
33774b1c.fb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dsreg.dll)
33784b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsreg.dll
33794b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33804b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll)
33814b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll
33824b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netutils.dll)
33834b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netutils.dll
33844b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
33854b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
33864b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wkscli.dll)
33874b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
33884b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff899b20000 LB 0x00017000 C:\Windows\System32\NETAPI32.dll [fFlags=0x0]
33894b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll
33904b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff89c670000 LB 0x0008f000 C:\Windows\System32\msvcp110_win.dll [fFlags=0x0]
33914b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll [avoiding WinVerifyTrust]
33924b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff892c50000 LB 0x0008e000 C:\Windows\System32\DSREG.DLL [fFlags=0x0]
33934b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dsreg.dll [avoiding WinVerifyTrust]
33944b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff89f0e0000 LB 0x0000d000 C:\Windows\System32\NETUTILS.DLL [fFlags=0x0]
33954b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netutils.dll [avoiding WinVerifyTrust]
33964b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff898880000 LB 0x00016000 C:\Windows\System32\WKSCLI.DLL [fFlags=0x0]
33974b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wkscli.dll [avoiding WinVerifyTrust]
33984b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff82e3a0000 LB 0x00c3f000 C:\Windows\System32\ieframe.dll [fFlags=0x0]
33994b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ieframe.dll
34004b1c.fb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\wkscli.dll'.
34014b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\wkscli.dll' [rescheduled]
34024b1c.fb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\netutils.dll'.
34034b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\netutils.dll' [rescheduled]
34044b1c.fb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll'.
34054b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll' [rescheduled]
34064b1c.fb4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dsreg.dll'.
34074b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dsreg.dll' [rescheduled]
34084b1c.fb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\comctl32.dll'.
34094b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34104b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
34114b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
34124b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\comctl32.dll)
34134b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\comctl32.dll
34144b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34154b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34164b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
34174b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
34184b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34194b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34204b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34214b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34224b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
34234b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
34244b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34254b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34264b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34274b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34284b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34294b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34304b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp110_win.dll'...
34314b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp110_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll' [rcNtRedir=0xc0150008]
34324b1c.fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll [redoing WinVerifyTrust]
34334b1c.fb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll'.
34344b1c.fb4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll
34354b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
34364b1c.fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\comctl32.dll [avoiding WinVerifyTrust]
34374b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff894180000 LB 0x00267000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\comctl32.dll [fFlags=0x0]
34384b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\comctl32.dll [avoiding WinVerifyTrust]
34394b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff894180000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\comctl32.dll'
34404b1c.fb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\comctl32.dll'.
34414b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\comctl32.dll' [rescheduled]
34424b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82e3a0000 'C:\Windows\System32\ieframe.dll'
34434b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
34444b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\PROPSYS.dll (Input=PROPSYS.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34454b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff896e20000 'C:\WINDOWS\System32\PROPSYS.dll'
34464b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
34474b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
34484b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff896e20000 'C:\WINDOWS\system32\propsys.dll'
34494b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-ole32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34504b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a31d0000 'api-ms-win-downlevel-ole32-l1-1-0.dll'
34514b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34524b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
34534b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'oleaut32.dll'.
34544b1c.fb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\edputil.dll)
34554b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\edputil.dll
34564b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff87d010000 LB 0x00044000 C:\WINDOWS\SYSTEM32\edputil.dll [fFlags=0x0]
34574b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\edputil.dll [avoiding WinVerifyTrust]
34584b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000115c pwszName=\Device\HarddiskVolume2\Windows\System32\edputil.dll
34594b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
34604b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
34614b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F63BC86D4CF6BDFBA6973D11E2859FC307878DE
34624b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
34634b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
34644b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34654b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34664b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34674b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34684b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
34694b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
34704b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1212_for_KB4022716~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\edputil.dll'
34714b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34724b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\edputil.dll'
34734b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000135c pwszName=\Device\HarddiskVolume2\Windows\System32\secur32.dll
34744b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
34754b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
34764b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=36EF7B1ECD45479CD8E54E61BB9F6FC0D6C135A8
34774b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
34784b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
34794b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\secur32.dll'
34804b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34814b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\secur32.dll) WinVerifyTrust
34824b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\secur32.dll
34834b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\Secur32.dll (Input=Secur32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34844b1c.fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll
34854b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff890e80000 LB 0x0000c000 C:\WINDOWS\System32\Secur32.dll [fFlags=0x0]
34864b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll
34874b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff890e80000 'C:\WINDOWS\System32\Secur32.dll'
34884b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
34894b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sspicli.dll)
34904b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
34914b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff89f840000 LB 0x00030000 C:\WINDOWS\SYSTEM32\SSPICLI.DLL [fFlags=0x0]
34924b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sspicli.dll [avoiding WinVerifyTrust]
34934b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34944b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34954b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
34964b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
34974b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sspicli.dll'
34984b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sspicli.dll
34994b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\sspicli.dll (Input=sspicli.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35004b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89f840000 'C:\WINDOWS\System32\sspicli.dll'
35014b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000117c pwszName=\Device\HarddiskVolume2\Windows\System32\mlang.dll
35024b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
35034b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
35044b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA4EC695EFC7AD7A76B0A4951714BE7551DFBD5C
35054b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
35064b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
35074b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\mlang.dll'
35084b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35094b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35104b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mlang.dll) WinVerifyTrust
35114b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mlang.dll
35124b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35134b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35144b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MLANG.dll (Input=MLANG.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35154b1c.fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mlang.dll
35164b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff88f4e0000 LB 0x0003f000 C:\WINDOWS\System32\MLANG.dll [fFlags=0x0]
35174b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mlang.dll
35184b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f4e0000 'C:\WINDOWS\System32\MLANG.dll'
35194b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-shlwapi-l2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35204b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1280000 'api-ms-win-downlevel-shlwapi-l2-1-0.dll'
35214b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007ac pwszName=\Device\HarddiskVolume2\Windows\System32\wininet.dll
35224b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
35234b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
35244b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D3AF0D1A43B2A3B374436DBA7FD85DB7190728A
35254b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
35264b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
35274b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1212_for_KB4022716~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wininet.dll'
35284b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35294b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35304b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wininet.dll) WinVerifyTrust
35314b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wininet.dll
35324b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35334b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35344b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WININET.dll (Input=WININET.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35354b1c.fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wininet.dll
35364b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff88e490000 LB 0x0032e000 C:\WINDOWS\System32\WININET.dll [fFlags=0x0]
35374b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wininet.dll
35384b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88e490000 'C:\WINDOWS\System32\WININET.dll'
35394b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\windows.storage.dll [redoing WinVerifyTrust]
35404b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
35414b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35424b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
35434b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
35444b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'
35454b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
35464b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89fb40000 'C:\WINDOWS\system32\windows.storage.dll'
35474b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'chrome_elf.dll'.
35484b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
35494b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'psapi.dll'.
35504b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
35514b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
35524b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
35534b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'winmm.dll'.
35544b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'userenv.dll'.
35554b1c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'winhttp.dll'.
35564b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe)
35574b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe
35584b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winhttp.dll'...
35594b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winhttp.dll' -> '\Device\HarddiskVolume2\Windows\System32\winhttp.dll' [rcNtRedir=0xc0150008]
35604b1c.fb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winhttp.dll'.
35614b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winhttp.dll)
35624b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winhttp.dll
35634b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
35644b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
35654b1c.fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
35664b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
35674b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
35684b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
35694b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
35704b1c.fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
35714b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
35724b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
35734b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
35744b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
35754b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
35764b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
35774b1c.fb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\psapi.dll'.
35784b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll)
35794b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
35804b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
35814b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
35824b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'chrome_elf.dll'...
35834b1c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'chrome_elf.dll'
35844b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
35854b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
35864b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe'
35874b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
35884b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
35894b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\psapi.dll'
35904b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
35914b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
35924b1c.fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winhttp.dll'
35934b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
35944b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
35954b1c.fb4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
35964b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) WinVerifyTrust
35974b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
35984b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35994b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a34f0000 'C:\WINDOWS\System32\ntdll.dll'
36004b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001270 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
36014b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c57090
36024b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c57090
36034b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FFB70A4D61A062B2E16B0EA8C26E7B98F4D73F70
36044b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ee70000 'C:\WINDOWS\system32\rsaenh.dll'
36054b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0790000 'C:\WINDOWS\System32\crypt32.dll'
36064b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_951_for_KB4022716~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
36074b1c.fb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36084b1c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
36094b1c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
36104b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
36114b1c.fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
36124b1c.fb4: supR3HardenedDllNotificationCallback: load 00007ff89dd60000 LB 0x0007e000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
36134b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
36144b1c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll
36154b1c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
36164b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a34f0000 'C:\WINDOWS\System32\ntdll.dll'
36174b1c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89dd60000 'C:\WINDOWS\system32\apphelp.dll'
36184b1c.fb4: supR3HardenedDllNotificationCallback: Unload 00007ff82e3a0000 LB 0x00c3f000 C:\Windows\System32\ieframe.dll [flags=0x0]
36194b1c.fb4: supR3HardenedDllNotificationCallback: Unload 00007ff899b20000 LB 0x00017000 C:\Windows\System32\NETAPI32.dll [flags=0x0]
36204b1c.fb4: supR3HardenedDllNotificationCallback: Unload 00007ff892c50000 LB 0x0008e000 C:\Windows\System32\DSREG.DLL [flags=0x0]
36214b1c.fb4: supR3HardenedDllNotificationCallback: Unload 00007ff89c670000 LB 0x0008f000 C:\Windows\System32\msvcp110_win.dll [flags=0x0]
36224b1c.fb4: supR3HardenedDllNotificationCallback: Unload 00007ff89f0e0000 LB 0x0000d000 C:\Windows\System32\NETUTILS.DLL [flags=0x0]
36234b1c.fb4: supR3HardenedDllNotificationCallback: Unload 00007ff898880000 LB 0x00016000 C:\Windows\System32\WKSCLI.DLL [flags=0x0]
36244b1c.2e5c: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
36254b1c.2e5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
36264b1c.2e5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
36274b1c.2e5c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
36284b1c.254: supR3HardenedDllNotificationCallback: Unload 00007ff896a40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
36294b1c.39b4: supR3HardenedDllNotificationCallback: Unload 00007ff899040000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
36304b1c.525c: supR3HardenedDllNotificationCallback: Unload 00007ff8991e0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
36314b1c.45e4: supR3HardenedDllNotificationCallback: Unload 00007ff8991f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
36324b1c.2b24: supR3HardenedDllNotificationCallback: Unload 00007ff89a500000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
36334b1c.1664: supR3HardenedDllNotificationCallback: Unload 00007ff841610000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
36344b1c.1664: supR3HardenedDllNotificationCallback: Unload 00007ff8663b0000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
36354b1c.1664: supR3HardenedDllNotificationCallback: Unload 00007ff863660000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
36364b1c.1664: supR3HardenedDllNotificationCallback: Unload 00007ff8a1620000 LB 0x0043b000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
36374b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff8956a0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
36384b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff8828d0000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
36394b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff89cbc0000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
36404b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff89e600000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
36414b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff89d890000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
36424b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff89e160000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
36434b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff895740000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
36444b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff874c80000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
36454b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff892bc0000 LB 0x0001a000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll [flags=0x0]
36464b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff898a20000 LB 0x00531000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [flags=0x0]
36474b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff896bf0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
36484b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff896b60000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
36494b1c.4954: supR3HardenedDllNotificationCallback: Unload 00007ff842070000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
36504b1c.4954: Terminating the normal way: rcExit=0
365152bc.b58: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 593773 ms, the end);
36523ef4.4424: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 594559 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy