VirtualBox

Ticket #16915: VBoxHardening.log

File VBoxHardening.log, 401.7 KB (added by MickeyCohen, 7 years ago)
Line 
1d69c.1224: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03ad700
2d69c.1224: \SystemRoot\System32\ntdll.dll:
3d69c.1224: CreationTime: 2017-06-28T09:50:12.826071200Z
4d69c.1224: LastWriteTime: 2017-06-20T06:10:49.467134900Z
5d69c.1224: ChangeTime: 2017-07-12T21:09:17.519960000Z
6d69c.1224: FileAttributes: 0x20
7d69c.1224: Size: 0x1d7450
8d69c.1224: NT Headers: 0xe0
9d69c.1224: Timestamp: 0xa329d3a8
10d69c.1224: Machine: 0x8664 - amd64
11d69c.1224: Timestamp: 0xa329d3a8
12d69c.1224: Image Version: 10.0
13d69c.1224: SizeOfImage: 0x1db000 (1945600)
14d69c.1224: Resource Dir: 0x170000 LB 0x69398
15d69c.1224: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16d69c.1224: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17d69c.1224: ProductName: Microsoft® Windows® Operating System
18d69c.1224: ProductVersion: 10.0.15063.447
19d69c.1224: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
20d69c.1224: FileDescription: NT Layer DLL
21d69c.1224: \SystemRoot\System32\kernel32.dll:
22d69c.1224: CreationTime: 2017-06-02T11:01:58.853459000Z
23d69c.1224: LastWriteTime: 2017-06-02T11:01:58.853459000Z
24d69c.1224: ChangeTime: 2017-07-12T21:09:16.114665300Z
25d69c.1224: FileAttributes: 0x20
26d69c.1224: Size: 0xad068
27d69c.1224: NT Headers: 0xf8
28d69c.1224: Timestamp: 0xf5fa43df
29d69c.1224: Machine: 0x8664 - amd64
30d69c.1224: Timestamp: 0xf5fa43df
31d69c.1224: Image Version: 10.0
32d69c.1224: SizeOfImage: 0xae000 (712704)
33d69c.1224: Resource Dir: 0xac000 LB 0x520
34d69c.1224: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35d69c.1224: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36d69c.1224: ProductName: Microsoft® Windows® Operating System
37d69c.1224: ProductVersion: 10.0.15063.296
38d69c.1224: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
39d69c.1224: FileDescription: Windows NT BASE API Client DLL
40d69c.1224: \SystemRoot\System32\KernelBase.dll:
41d69c.1224: CreationTime: 2017-07-12T13:56:33.511399600Z
42d69c.1224: LastWriteTime: 2017-07-07T07:23:03.284884800Z
43d69c.1224: ChangeTime: 2017-07-12T21:51:38.492112100Z
44d69c.1224: FileAttributes: 0x20
45d69c.1224: Size: 0x249df0
46d69c.1224: NT Headers: 0x100
47d69c.1224: Timestamp: 0xaa6457d1
48d69c.1224: Machine: 0x8664 - amd64
49d69c.1224: Timestamp: 0xaa6457d1
50d69c.1224: Image Version: 10.0
51d69c.1224: SizeOfImage: 0x249000 (2396160)
52d69c.1224: Resource Dir: 0x22a000 LB 0x548
53d69c.1224: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54d69c.1224: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55d69c.1224: ProductName: Microsoft® Windows® Operating System
56d69c.1224: ProductVersion: 10.0.15063.483
57d69c.1224: FileVersion: 10.0.15063.483 (WinBuild.160101.0800)
58d69c.1224: FileDescription: Windows NT BASE API Client DLL
59d69c.1224: \SystemRoot\System32\apisetschema.dll:
60d69c.1224: CreationTime: 2017-03-18T20:57:35.373527900Z
61d69c.1224: LastWriteTime: 2017-03-18T20:57:35.373527900Z
62d69c.1224: ChangeTime: 2017-06-02T10:42:13.210903200Z
63d69c.1224: FileAttributes: 0x20
64d69c.1224: Size: 0x1ada0
65d69c.1224: NT Headers: 0xc0
66d69c.1224: Timestamp: 0x76544b2
67d69c.1224: Machine: 0x8664 - amd64
68d69c.1224: Timestamp: 0x76544b2
69d69c.1224: Image Version: 10.0
70d69c.1224: SizeOfImage: 0x1b000 (110592)
71d69c.1224: Resource Dir: 0x1a000 LB 0x408
72d69c.1224: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73d69c.1224: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74d69c.1224: ProductName: Microsoft® Windows® Operating System
75d69c.1224: ProductVersion: 10.0.15063.0
76d69c.1224: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
77d69c.1224: FileDescription: ApiSet Schema DLL
78d69c.1224: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79d69c.1224: supR3HardenedWinFindAdversaries: 0x0
80d69c.1224: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
81d69c.1224: Calling main()
82d69c.1224: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
83d69c.1224: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
84d69c.1224: SUPR3HardenedMain: Respawn #1
85d69c.1224: System32: \Device\HarddiskVolume2\Windows\System32
86d69c.1224: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
87d69c.1224: KnownDllPath: C:\WINDOWS\System32
88d69c.1224: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
89d69c.1224: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
90d69c.1224: supR3HardNtEnableThreadCreation:
91d69c.1224: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbf8209ac0 pvNtTerminateThread=00007ffbf8235df0
92d69c.1224: supR3HardenedWinDoReSpawn(1): New child cf5c.d324 [kernel32].
93d69c.1224: supR3HardNtChildGatherData: PebBaseAddress=000000000069f000 cbPeb=0x388
94d69c.1224: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbf8190000 uNtDllChildAddr=00007ffbf8190000
95d69c.1224: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbf8209ac0
96d69c.1224: supR3HardenedWinSetupChildInit: Start child.
97d69c.1224: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
98d69c.1224: supR3HardNtChildPurify: Startup delay kludge #1/0: 319 ms, 14 sleeps
99d69c.1224: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
100d69c.1224: *0000000000000000-00000000004fffff 0x0001/0x0000 0x0000000
101d69c.1224: *0000000000500000-000000000051ffff 0x0004/0x0004 0x0020000
102d69c.1224: *0000000000520000-0000000000537fff 0x0002/0x0002 0x0040000
103d69c.1224: 0000000000538000-000000000053ffff 0x0001/0x0000 0x0000000
104d69c.1224: *0000000000540000-0000000000543fff 0x0002/0x0002 0x0040000
105d69c.1224: 0000000000544000-000000000054ffff 0x0001/0x0000 0x0000000
106d69c.1224: *0000000000550000-0000000000550fff 0x0004/0x0004 0x0020000
107d69c.1224: 0000000000551000-00000000005fffff 0x0001/0x0000 0x0000000
108d69c.1224: *0000000000600000-000000000069efff 0x0000/0x0004 0x0020000
109d69c.1224: 000000000069f000-00000000006a1fff 0x0004/0x0004 0x0020000
110d69c.1224: 00000000006a2000-00000000007fffff 0x0000/0x0004 0x0020000
111d69c.1224: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
112d69c.1224: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
113d69c.1224: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
114d69c.1224: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
115d69c.1224: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
116d69c.1224: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
117d69c.1224: 000000007fff0000-00007ff6e25cffff 0x0001/0x0000 0x0000000
118d69c.1224: *00007ff6e25d0000-00007ff6e25f2fff 0x0002/0x0002 0x0040000
119d69c.1224: 00007ff6e25f3000-00007ff6e283ffff 0x0001/0x0000 0x0000000
120d69c.1224: *00007ff6e2840000-00007ff6e2840fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
121d69c.1224: 00007ff6e2841000-00007ff6e28b0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
122d69c.1224: 00007ff6e28b1000-00007ff6e28b1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
123d69c.1224: 00007ff6e28b2000-00007ff6e28f6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
124d69c.1224: 00007ff6e28f7000-00007ff6e28f7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
125d69c.1224: 00007ff6e28f8000-00007ff6e28f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
126d69c.1224: 00007ff6e28f9000-00007ff6e28fdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
127d69c.1224: 00007ff6e28fe000-00007ff6e28fefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
128d69c.1224: 00007ff6e28ff000-00007ff6e28fffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
129d69c.1224: 00007ff6e2900000-00007ff6e2903fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
130d69c.1224: 00007ff6e2904000-00007ff6e294bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131d69c.1224: 00007ff6e294c000-00007ffbf818ffff 0x0001/0x0000 0x0000000
132d69c.1224: *00007ffbf8190000-00007ffbf8190fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
133d69c.1224: 00007ffbf8191000-00007ffbf829ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
134d69c.1224: 00007ffbf82a0000-00007ffbf82e4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
135d69c.1224: 00007ffbf82e5000-00007ffbf82ecfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
136d69c.1224: 00007ffbf82ed000-00007ffbf82fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
137d69c.1224: 00007ffbf82fb000-00007ffbf82fbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
138d69c.1224: 00007ffbf82fc000-00007ffbf82fefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
139d69c.1224: 00007ffbf82ff000-00007ffbf836afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
140d69c.1224: 00007ffbf836b000-00007ffffffdffff 0x0001/0x0000 0x0000000
141d69c.1224: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
142d69c.1224: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
143d69c.1224: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
144d69c.1224: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
145d69c.1224: supR3HardNtChildPurify: Done after 460 ms and 0 fixes (loop #0).
146cf5c.d324: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
147cf5c.d324: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbf8190000 g_uNtVerCombined=0xa03ad700
148cf5c.d324: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
149cf5c.d324: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1945600 allocation)
150cf5c.d324: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
151cf5c.d324: System32: \Device\HarddiskVolume2\Windows\System32
152cf5c.d324: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
153cf5c.d324: KnownDllPath: C:\WINDOWS\System32
154cf5c.d324: supR3HardenedVmProcessInit: Opening vboxdrv stub...
155d69c.1224: supR3HardNtEnableThreadCreation:
156cf5c.d324: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
157cf5c.d324: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
158cf5c.d324: Registered Dll notification callback with NTDLL.
159cf5c.d324: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
160cf5c.d324: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
161cf5c.d324: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
162cf5c.d324: supR3HardenedDllNotificationCallback: load 00007ffbf46b0000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
163cf5c.d324: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
164cf5c.d324: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
165cf5c.d324: supR3HardenedDllNotificationCallback: load 00007ffbf62a0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
166cf5c.d324: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
167cf5c.d324: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf62a0000 'C:\WINDOWS\System32\KERNEL32.DLL'
168cf5c.d324: supR3HardenedDllNotificationCallback: load 00007ff6e2840000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
169cf5c.d324: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
170cf5c.d324: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
171cf5c.d324: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
172cf5c.d324: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbf8209ac0 pvNtTerminateThread=00007ffbf8235df0
173d69c.1224: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 305 ms.
174cf5c.d324: \SystemRoot\System32\ntdll.dll:
175cf5c.d324: CreationTime: 2017-06-28T09:50:12.826071200Z
176cf5c.d324: LastWriteTime: 2017-06-20T06:10:49.467134900Z
177cf5c.d324: ChangeTime: 2017-07-12T21:09:17.519960000Z
178cf5c.d324: FileAttributes: 0x20
179cf5c.d324: Size: 0x1d7450
180cf5c.d324: NT Headers: 0xe0
181cf5c.d324: Timestamp: 0xa329d3a8
182cf5c.d324: Machine: 0x8664 - amd64
183cf5c.d324: Timestamp: 0xa329d3a8
184cf5c.d324: Image Version: 10.0
185cf5c.d324: SizeOfImage: 0x1db000 (1945600)
186cf5c.d324: Resource Dir: 0x170000 LB 0x69398
187cf5c.d324: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
188cf5c.d324: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
189cf5c.d324: ProductName: Microsoft® Windows® Operating System
190cf5c.d324: ProductVersion: 10.0.15063.447
191cf5c.d324: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
192cf5c.d324: FileDescription: NT Layer DLL
193cf5c.d324: \SystemRoot\System32\kernel32.dll:
194cf5c.d324: CreationTime: 2017-06-02T11:01:58.853459000Z
195cf5c.d324: LastWriteTime: 2017-06-02T11:01:58.853459000Z
196cf5c.d324: ChangeTime: 2017-07-12T21:09:16.114665300Z
197cf5c.d324: FileAttributes: 0x20
198cf5c.d324: Size: 0xad068
199cf5c.d324: NT Headers: 0xf8
200cf5c.d324: Timestamp: 0xf5fa43df
201cf5c.d324: Machine: 0x8664 - amd64
202cf5c.d324: Timestamp: 0xf5fa43df
203cf5c.d324: Image Version: 10.0
204cf5c.d324: SizeOfImage: 0xae000 (712704)
205cf5c.d324: Resource Dir: 0xac000 LB 0x520
206cf5c.d324: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
207cf5c.d324: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
208cf5c.d324: ProductName: Microsoft® Windows® Operating System
209cf5c.d324: ProductVersion: 10.0.15063.296
210cf5c.d324: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
211cf5c.d324: FileDescription: Windows NT BASE API Client DLL
212cf5c.d324: \SystemRoot\System32\KernelBase.dll:
213cf5c.d324: CreationTime: 2017-07-12T13:56:33.511399600Z
214cf5c.d324: LastWriteTime: 2017-07-07T07:23:03.284884800Z
215cf5c.d324: ChangeTime: 2017-07-12T21:51:38.492112100Z
216cf5c.d324: FileAttributes: 0x20
217cf5c.d324: Size: 0x249df0
218cf5c.d324: NT Headers: 0x100
219cf5c.d324: Timestamp: 0xaa6457d1
220cf5c.d324: Machine: 0x8664 - amd64
221cf5c.d324: Timestamp: 0xaa6457d1
222cf5c.d324: Image Version: 10.0
223cf5c.d324: SizeOfImage: 0x249000 (2396160)
224cf5c.d324: Resource Dir: 0x22a000 LB 0x548
225cf5c.d324: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
226cf5c.d324: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
227cf5c.d324: ProductName: Microsoft® Windows® Operating System
228cf5c.d324: ProductVersion: 10.0.15063.483
229cf5c.d324: FileVersion: 10.0.15063.483 (WinBuild.160101.0800)
230cf5c.d324: FileDescription: Windows NT BASE API Client DLL
231cf5c.d324: \SystemRoot\System32\apisetschema.dll:
232cf5c.d324: CreationTime: 2017-03-18T20:57:35.373527900Z
233cf5c.d324: LastWriteTime: 2017-03-18T20:57:35.373527900Z
234cf5c.d324: ChangeTime: 2017-06-02T10:42:13.210903200Z
235cf5c.d324: FileAttributes: 0x20
236cf5c.d324: Size: 0x1ada0
237cf5c.d324: NT Headers: 0xc0
238cf5c.d324: Timestamp: 0x76544b2
239cf5c.d324: Machine: 0x8664 - amd64
240cf5c.d324: Timestamp: 0x76544b2
241cf5c.d324: Image Version: 10.0
242cf5c.d324: SizeOfImage: 0x1b000 (110592)
243cf5c.d324: Resource Dir: 0x1a000 LB 0x408
244cf5c.d324: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
245cf5c.d324: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
246cf5c.d324: ProductName: Microsoft® Windows® Operating System
247cf5c.d324: ProductVersion: 10.0.15063.0
248cf5c.d324: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
249cf5c.d324: FileDescription: ApiSet Schema DLL
250cf5c.d324: NtOpenDirectoryObject failed on \Driver: 0xc0000022
251cf5c.d324: supR3HardenedWinFindAdversaries: 0x0
252cf5c.d324: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
253cf5c.d324: Calling main()
254cf5c.d324: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
255cf5c.d324: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
256cf5c.d324: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
257cf5c.d324: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
258cf5c.d324: SUPR3HardenedMain: Respawn #2
259cf5c.d324: supR3HardNtEnableThreadCreation:
260cf5c.d324: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
261cf5c.d324: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
262cf5c.d324: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
263cf5c.d324: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
264cf5c.d324: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\WINDOWS\System32\ntdll.dll'
265cf5c.d324: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbf8209ac0 pvNtTerminateThread=00007ffbf8235df0
266cf5c.d324: supR3HardenedWinDoReSpawn(2): New child d314.9bd4 [kernel32].
267cf5c.d324: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
268cf5c.d324: supR3HardNtChildGatherData: PebBaseAddress=0000000000844000 cbPeb=0x388
269cf5c.d324: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbf8190000 uNtDllChildAddr=00007ffbf8190000
270cf5c.d324: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbf8209ac0
271cf5c.d324: supR3HardenedWinSetupChildInit: Start child.
272cf5c.d324: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
273cf5c.d324: supR3HardNtChildPurify: Startup delay kludge #1/0: 262 ms, 27 sleeps
274cf5c.d324: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
275cf5c.d324: *0000000000000000-000000000072ffff 0x0001/0x0000 0x0000000
276cf5c.d324: *0000000000730000-000000000074ffff 0x0004/0x0004 0x0020000
277cf5c.d324: *0000000000750000-0000000000767fff 0x0002/0x0002 0x0040000
278cf5c.d324: 0000000000768000-000000000076ffff 0x0001/0x0000 0x0000000
279cf5c.d324: *0000000000770000-0000000000773fff 0x0002/0x0002 0x0040000
280cf5c.d324: 0000000000774000-000000000077ffff 0x0001/0x0000 0x0000000
281cf5c.d324: *0000000000780000-0000000000780fff 0x0004/0x0004 0x0020000
282cf5c.d324: 0000000000781000-00000000007fffff 0x0001/0x0000 0x0000000
283cf5c.d324: *0000000000800000-0000000000843fff 0x0000/0x0004 0x0020000
284cf5c.d324: 0000000000844000-0000000000846fff 0x0004/0x0004 0x0020000
285cf5c.d324: 0000000000847000-00000000009fffff 0x0000/0x0004 0x0020000
286cf5c.d324: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
287cf5c.d324: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
288cf5c.d324: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
289cf5c.d324: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
290cf5c.d324: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
291cf5c.d324: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
292cf5c.d324: 000000007fff0000-00007ff6e275ffff 0x0001/0x0000 0x0000000
293cf5c.d324: *00007ff6e2760000-00007ff6e2782fff 0x0002/0x0002 0x0040000
294cf5c.d324: 00007ff6e2783000-00007ff6e283ffff 0x0001/0x0000 0x0000000
295cf5c.d324: *00007ff6e2840000-00007ff6e2840fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
296cf5c.d324: 00007ff6e2841000-00007ff6e28b0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
297cf5c.d324: 00007ff6e28b1000-00007ff6e28b1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
298cf5c.d324: 00007ff6e28b2000-00007ff6e28f6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
299cf5c.d324: 00007ff6e28f7000-00007ff6e28f7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
300cf5c.d324: 00007ff6e28f8000-00007ff6e28f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
301cf5c.d324: 00007ff6e28f9000-00007ff6e28fdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
302cf5c.d324: 00007ff6e28fe000-00007ff6e28fefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
303cf5c.d324: 00007ff6e28ff000-00007ff6e28fffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
304cf5c.d324: 00007ff6e2900000-00007ff6e2903fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
305cf5c.d324: 00007ff6e2904000-00007ff6e294bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
306cf5c.d324: 00007ff6e294c000-00007ffbf818ffff 0x0001/0x0000 0x0000000
307cf5c.d324: *00007ffbf8190000-00007ffbf8190fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
308cf5c.d324: 00007ffbf8191000-00007ffbf829ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
309cf5c.d324: 00007ffbf82a0000-00007ffbf82e4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
310cf5c.d324: 00007ffbf82e5000-00007ffbf82ecfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
311cf5c.d324: 00007ffbf82ed000-00007ffbf82fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
312cf5c.d324: 00007ffbf82fb000-00007ffbf82fbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
313cf5c.d324: 00007ffbf82fc000-00007ffbf82fefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
314cf5c.d324: 00007ffbf82ff000-00007ffbf836afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
315cf5c.d324: 00007ffbf836b000-00007ffffffdffff 0x0001/0x0000 0x0000000
316cf5c.d324: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
317cf5c.d324: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
318cf5c.d324: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
319cf5c.d324: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
320cf5c.d324: supR3HardNtChildPurify: Done after 373 ms and 0 fixes (loop #0).
321d314.9bd4: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
322d314.9bd4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbf8190000 g_uNtVerCombined=0xa03ad700
323d314.9bd4: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
324d314.9bd4: New simple heap: #1 0000000000c00000 LB 0x400000 (for 1945600 allocation)
325cf5c.d324: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
326cf5c.d324: supR3HardNtEnableThreadCreation:
327d314.9bd4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
328d314.9bd4: System32: \Device\HarddiskVolume2\Windows\System32
329d314.9bd4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
330d314.9bd4: KnownDllPath: C:\WINDOWS\System32
331d314.9bd4: supR3HardenedVmProcessInit: Opening vboxdrv...
332d314.9bd4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
333d314.9bd4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
334d314.9bd4: Registered Dll notification callback with NTDLL.
335d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
336d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
337d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
338d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf46b0000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
339d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
340d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
341d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf62a0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
342d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
343d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf62a0000 'C:\WINDOWS\System32\KERNEL32.DLL'
344d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ff6e2840000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
345d314.9bd4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
346d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
347d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
348d314.9bd4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbf8209ac0 pvNtTerminateThread=00007ffbf8235df0
349cf5c.d324: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 299 ms.
350d314.9bd4: \SystemRoot\System32\ntdll.dll:
351d314.9bd4: CreationTime: 2017-06-28T09:50:12.826071200Z
352d314.9bd4: LastWriteTime: 2017-06-20T06:10:49.467134900Z
353d314.9bd4: ChangeTime: 2017-07-12T21:09:17.519960000Z
354d314.9bd4: FileAttributes: 0x20
355d314.9bd4: Size: 0x1d7450
356d314.9bd4: NT Headers: 0xe0
357d314.9bd4: Timestamp: 0xa329d3a8
358d314.9bd4: Machine: 0x8664 - amd64
359d314.9bd4: Timestamp: 0xa329d3a8
360d314.9bd4: Image Version: 10.0
361d314.9bd4: SizeOfImage: 0x1db000 (1945600)
362d314.9bd4: Resource Dir: 0x170000 LB 0x69398
363d314.9bd4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
364d314.9bd4: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
365d314.9bd4: ProductName: Microsoft® Windows® Operating System
366d314.9bd4: ProductVersion: 10.0.15063.447
367d314.9bd4: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
368d314.9bd4: FileDescription: NT Layer DLL
369d314.9bd4: \SystemRoot\System32\kernel32.dll:
370d314.9bd4: CreationTime: 2017-06-02T11:01:58.853459000Z
371d314.9bd4: LastWriteTime: 2017-06-02T11:01:58.853459000Z
372d314.9bd4: ChangeTime: 2017-07-12T21:09:16.114665300Z
373d314.9bd4: FileAttributes: 0x20
374d314.9bd4: Size: 0xad068
375d314.9bd4: NT Headers: 0xf8
376d314.9bd4: Timestamp: 0xf5fa43df
377d314.9bd4: Machine: 0x8664 - amd64
378d314.9bd4: Timestamp: 0xf5fa43df
379d314.9bd4: Image Version: 10.0
380d314.9bd4: SizeOfImage: 0xae000 (712704)
381d314.9bd4: Resource Dir: 0xac000 LB 0x520
382d314.9bd4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
383d314.9bd4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
384d314.9bd4: ProductName: Microsoft® Windows® Operating System
385d314.9bd4: ProductVersion: 10.0.15063.296
386d314.9bd4: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
387d314.9bd4: FileDescription: Windows NT BASE API Client DLL
388d314.9bd4: \SystemRoot\System32\KernelBase.dll:
389d314.9bd4: CreationTime: 2017-07-12T13:56:33.511399600Z
390d314.9bd4: LastWriteTime: 2017-07-07T07:23:03.284884800Z
391d314.9bd4: ChangeTime: 2017-07-12T21:51:38.492112100Z
392d314.9bd4: FileAttributes: 0x20
393d314.9bd4: Size: 0x249df0
394d314.9bd4: NT Headers: 0x100
395d314.9bd4: Timestamp: 0xaa6457d1
396d314.9bd4: Machine: 0x8664 - amd64
397d314.9bd4: Timestamp: 0xaa6457d1
398d314.9bd4: Image Version: 10.0
399d314.9bd4: SizeOfImage: 0x249000 (2396160)
400d314.9bd4: Resource Dir: 0x22a000 LB 0x548
401d314.9bd4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
402d314.9bd4: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
403d314.9bd4: ProductName: Microsoft® Windows® Operating System
404d314.9bd4: ProductVersion: 10.0.15063.483
405d314.9bd4: FileVersion: 10.0.15063.483 (WinBuild.160101.0800)
406d314.9bd4: FileDescription: Windows NT BASE API Client DLL
407d314.9bd4: \SystemRoot\System32\apisetschema.dll:
408d314.9bd4: CreationTime: 2017-03-18T20:57:35.373527900Z
409d314.9bd4: LastWriteTime: 2017-03-18T20:57:35.373527900Z
410d314.9bd4: ChangeTime: 2017-06-02T10:42:13.210903200Z
411d314.9bd4: FileAttributes: 0x20
412d314.9bd4: Size: 0x1ada0
413d314.9bd4: NT Headers: 0xc0
414d314.9bd4: Timestamp: 0x76544b2
415d314.9bd4: Machine: 0x8664 - amd64
416d314.9bd4: Timestamp: 0x76544b2
417d314.9bd4: Image Version: 10.0
418d314.9bd4: SizeOfImage: 0x1b000 (110592)
419d314.9bd4: Resource Dir: 0x1a000 LB 0x408
420d314.9bd4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
421d314.9bd4: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
422d314.9bd4: ProductName: Microsoft® Windows® Operating System
423d314.9bd4: ProductVersion: 10.0.15063.0
424d314.9bd4: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
425d314.9bd4: FileDescription: ApiSet Schema DLL
426d314.9bd4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
427d314.9bd4: supR3HardenedWinFindAdversaries: 0x0
428d314.9bd4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
429d314.9bd4: Calling main()
430d314.9bd4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
431d314.9bd4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
432d314.9bd4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
433d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
434d314.9bd4: SUPR3HardenedMain: Final process, opening VBoxDrv...
435d314.9bd4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000)
436d314.9bd4: supR3HardNtEnableThreadCreation:
437d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
438d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
439d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
440d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
441d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf2ac0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
442d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
443d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
444d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
445d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2ac0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
446d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
447d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
448d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2ac0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
449d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2ac0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
450d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
451d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
452d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
453d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
454d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
455d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
456d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
457d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
458d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
459d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
460d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
461d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
462d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
463d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
464d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
465d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
466d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
467d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
468d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
469d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
470d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
471d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
472d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
473d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
474d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
475d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
476d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
477d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf60d0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
478d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
479d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf4670000 LB 0x00011000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
480d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
481d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf4a50000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
482d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
483d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
484d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf5370000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
485d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
486d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf7f10000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
487d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
488d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf5fd0000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
489d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
490d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
491d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
492d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf61e0000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
493d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
494d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
495d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
496d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
497d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
498d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf49f0000 LB 0x00056000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
499d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
500d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
501d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf46b0000 'api-ms-win-core-synch-l1-2-0'
502d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
503d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf46b0000 'api-ms-win-core-fibers-l1-1-1'
504d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
505d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf46b0000 'api-ms-win-core-fibers-l1-1-1'
506d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
507d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf46b0000 'api-ms-win-core-synch-l1-2-0'
508d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
509d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf46b0000 'api-ms-win-core-localization-l1-2-1'
510d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\WINDOWS\system32\Wintrust.dll'
511d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
512d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
513d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
514d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
515d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
516d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
517d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
518d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
519d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
520d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
521d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
522d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
523d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
524d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
525d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
526d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
527d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf41c0000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
528d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
529d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf41c0000 'C:\WINDOWS\system32\bcrypt.dll'
530d314.9bd4: bcrypt.dll loaded at 00007ffbf41c0000, BCryptOpenAlgorithmProvider at 00007ffbf41c4aa0, preloading providers:
531d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
532d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
533d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
534d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf5300000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
535d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
536d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5300000 'C:\WINDOWS\system32\bcryptprimitives.dll'
537d314.9bd4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000102f4e0)
538d314.9bd4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000102faf0)
539d314.9bd4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000010305d0)
540d314.9bd4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000010308a0)
541d314.9bd4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001030b70)
542d314.9bd4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001030e40)
543d314.9bd4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001031110)
544d314.9bd4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000010313e0)
545d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
546d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
547d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
548d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
549d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
550d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
551d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
552d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
553d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
554d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
555d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
556d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
557d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
558d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
559d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
560d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
561d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
562d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
563d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
564d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
565d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
566d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
567d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
568d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf40b0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
569d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
570d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
571d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
572d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
573d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
574d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
575d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
576d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
577d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
578d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf3b30000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
579d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
580d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
581d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
582d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
583d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
584d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf40d0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
585d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
586d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
587d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
588d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
589d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
590d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
591d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf62a0000 'C:\WINDOWS\System32\kernel32.dll'
592d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
593d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
594d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
595d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
596d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\CRYPT32.dll'
597d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf6350000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
598d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
599d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
600d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
601d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
602d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
603d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
604d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
605d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
606d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
607d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
608d314.9bd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll)
609d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll
610d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
611d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
612d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
613d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
614d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf33f0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
615d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
616d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf4690000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
617d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
618d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
619d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
620d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
621d314.9bd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
622d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
623d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
624d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
625d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
626d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
627d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
628d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
629d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
630d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
631d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
632d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
633d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
634d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
635d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
636d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
637d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
638d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
639d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
640d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
641d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
642d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
643d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
644d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
645d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
646d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
647d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
648d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
649d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
650d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
651d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
652d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
653d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
654d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
655d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
656d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntasn1.dll)
657d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntasn1.dll
658d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
659d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
660d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
661d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
662d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
663d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbdd080000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
664d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
665d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
666d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
667d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\WINDOWS\System32\cryptnet.dll'
668d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
669d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
670d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\WINDOWS\System32\cryptnet.dll'
671d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
672d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
673d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\WINDOWS\System32\cryptnet.dll'
674d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
675d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
676d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\WINDOWS\System32\cryptnet.dll'
677d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
678d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
679d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\WINDOWS\System32\cryptnet.dll'
680d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
681d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
682d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\WINDOWS\System32\cryptnet.dll'
683d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
684d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\WINDOWS\System32\cryptnet.dll'
685d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
686d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\WINDOWS\System32\cryptnet.dll'
687d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
688d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\WINDOWS\System32\cryptnet.dll'
689d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
690d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\WINDOWS\System32\cryptnet.dll'
691d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
692d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\WINDOWS\System32\cryptnet.dll'
693d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\WINDOWS\System32\cryptnet.dll'
694d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
695d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\Windows\System32\cryptnet.dll'
696d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
697d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
698d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
699d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
700d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
701d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
702d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
703d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000108fa90
704d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
705d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8B20614B43CC15BF412F46E920338E687B9EB4BD
706d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
707d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
708d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7f10000 'C:\WINDOWS\System32\rpcrt4.dll'
709d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
710d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
711d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
712d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
713d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
714d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
715d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
716d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
717d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
718d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
719d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
720d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
721d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
722d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
723d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
724d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
725d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
726d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
727d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
728d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
729d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
730d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1109_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\SystemRoot\System32\ntdll.dll'
731d314.9bd4: g_pfnWinVerifyTrust=00007ffbf49fd3e0
732d314.9bd4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
733d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
734d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
735d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
736d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
737d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
738d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
739d314.9bd4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
740d314.9bd4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
741d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
742d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
743d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
744d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
745d314.9bd4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
746d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
747d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
748d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
749d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
750d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll'
751d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
752d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
753d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
754d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
755d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
756d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
757d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
758d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
759d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
760d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
761d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
762d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
763d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
764d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
765d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
766d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
767d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
768d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
769d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
770d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
771d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
772d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
773d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
774d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
775d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
776d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
777d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f0 pwszName=\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll
778d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
779d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
780d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FF31F66ACC1741364CE15D70DCEA891F87E6083
781d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
782d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
783d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
784d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
785d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
786d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Security-Ngc-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll'
787d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
788d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll'
789d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
790d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
791d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
792d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
793d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
794d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
795d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
796d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
797d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
798d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
799d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
800d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
801d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
802d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
803d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
804d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
805d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
806d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
807d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
808d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
809d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
810d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
811d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
812d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
813d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
814d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
815d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
816d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
817d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
818d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
819d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
820d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
821d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
822d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
823d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
824d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
825d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
826d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
827d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
828d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
829d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
830d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
831d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
832d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
833d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
834d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
835d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
836d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
837d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
838d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
839d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\system32\crypt32.dll'
840d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
841d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
842d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
843d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
844d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
845d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
846d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x1e1169bd454ccc00 C=IL, O=Government of Israel, OU=Population and Immigration Authority, CN=Residents eID Root CA 12-01
847d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x45521c4244fca00 CN=MICKEY-X201-10
848d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x9fe25aa6d6f8ae00 CN=MICKEY-X201-10
849d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
850d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
851d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
852d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
853d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xd20f846f004da00 CN=MICKEY-X201-10
854d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x15941d5f68b5c600 CN=ComSign Secured CA, O=ComSign, C=IL
855d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
856d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
857d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
858d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
859d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
860d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
861d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
862d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
863d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
864d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
865d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
866d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
867d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
868d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
869d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
870d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xeb1d2a732928b200 CN=ComSign Global Root CA, O=ComSign Ltd., C=IL
871d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
872d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
873d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
874d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
875d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
876d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
877d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
878d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
879d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
880d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
881d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
882d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
883d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
884d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
885d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
886d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
887d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
888d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
889d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
890d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
891d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
892d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
893d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xac1e0fca7ad3c900 C=ES, O=IZENPE S.A., CN=Izenpe.com
894d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
895d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
896d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
897d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
898d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
899d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x6d4bbe735e24c400 C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány
900d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
901d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
902d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
903d314.9bd4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
904d314.9bd4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=64
905d314.9bd4: SUPR3HardenedMain: Load Runtime...
906d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
907d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
908d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
909d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
910d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
911d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
912d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
913d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
914d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
915d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
916d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
917d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
918d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
919d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
920d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
921d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
922d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
923d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
924d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
925d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
926d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
927d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
928d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
929d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
930d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
931d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
932d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
933d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
934d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
935d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
936d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
937d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
938d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
939d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
940d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
941d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
942d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
943d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
944d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
945d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
946d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
947d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
948d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
949d314.9bd4: supR3HardenedDllNotificationCallback: load 0000000052df0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
950d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
951d314.9bd4: supR3HardenedDllNotificationCallback: load 0000000053210000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
952d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
953d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf5b20000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
954d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
955d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffba4330000 LB 0x0053d000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
956d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
957d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
958d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
959d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
960d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
961d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
962d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
963d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
964d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
965d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
966d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
967d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
968d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
969d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
970d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
971d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
972d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
973d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
974d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
975d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
976d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
977d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
978d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
979d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
980d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
981d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
982d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
983d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
984d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
985d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
986d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
987d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
988d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
989d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
990d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
991d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
992d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
993d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
994d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
995d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
996d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
997d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
998d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
999d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1000d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1001d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1002d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1003d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1004d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1005d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1006d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1007d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba4330000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1008d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\WINDOWS\system32\Wintrust.dll'
1009d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1010d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1011d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1012d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1013d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\system32\crypt32.dll'
1014d314.9bd4: SUPR3HardenedMain: Load TrustedMain...
1015d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1016d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1017d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1018d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1019d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1020d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1021d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1022d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1023d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1024d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1025d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1026d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1027d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1028d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1029d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1030d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1031d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1032d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1033d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1034d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1035d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1036d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1037d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1038d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1039d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1040d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1041d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1042d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1043d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1044d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1045d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1046d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1047d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1048d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1049d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1050d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
1051d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
1052d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1053d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1054d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1055d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1056d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1057d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1058d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1059d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1060d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1061d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1062d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1063d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1064d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1065d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1066d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1067d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1068d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1069d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1070d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
1071d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
1072d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
1073d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1074d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1075d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1076d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1077d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1078d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1079d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1080d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1081d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1082d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1083d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
1084d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
1085d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
1086d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
1087d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1088d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1089d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1090d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1091d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1092d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1093d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1094d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1095d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1096d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1097d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1098d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
1099d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1100d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1101d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1102d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1103d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1104d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1105d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1106d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1107d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1108d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1109d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1110d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1111d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1112d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1113d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1114d314.9bd4: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
1115d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
1116d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
1117d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1118d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1119d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1120d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
1121d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
1122d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1123d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1124d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1125d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1126d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1127d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1128d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1129d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1130d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1131d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1132d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1133d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1134d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1135d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1136d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1137d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1138d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1139d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1140d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1141d314.9bd4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1142d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1143d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1144d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1145d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1146d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1147d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1148d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1149d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1150d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1151d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1152d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1153d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1154d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1155d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1156d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1157d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1158d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1159d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1160d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1161d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1162d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1163d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1164d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1165d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1166d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1167d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1168d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1169d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1170d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1171d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1172d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1173d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1174d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1175d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1176d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1177d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1178d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1179d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1180d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1181d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1182d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1183d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1184d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1185d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1186d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1187d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1188d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1189d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1190d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1191d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1192d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1193d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1194d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1195d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1196d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1197d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1198d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1199d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1200d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1201d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1202d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1203d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1204d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1205d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1206d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1207d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1208d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1209d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1210d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1211d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1212d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1213d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1214d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1215d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1216d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1217d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1218d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1219d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1220d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1221d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1222d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1223d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1224d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1225d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1226d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1227d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1228d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1229d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1230d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1231d314.9bd4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
1232d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1233d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1234d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1235d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1236d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
1237d314.9bd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
1238d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1239d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1240d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1241d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1242d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1243d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1244d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1245d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1246d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1247d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1248d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1249d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1250d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1251d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
1252d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1253d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1254d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1255d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1256d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1257d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1258d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1259d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1260d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1261d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1262d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1263d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1264d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1265d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1266d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1267d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1268d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1269d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1270d314.9bd4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1271d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1272d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1273d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1274d314.9bd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
1275d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1276d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1277d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1278d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1279d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1280d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1281d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1282d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1283d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1284d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1285d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1286d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1287d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1288d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1289d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1290d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1291d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1292d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1293d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1294d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1295d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1296d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1297d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1298d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1299d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1300d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1301d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1302d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1303d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1304d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1305d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1306d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1307d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1308d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1309d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
1310d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1311d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1312d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1313d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1314d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1315d314.9bd4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1316d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1317d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
1318d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
1319d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1320d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
1321d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
1322d314.9bd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
1323d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1324d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1325d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1326d314.9bd4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1327d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1328d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
1329d314.9bd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
1330d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1331d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1332d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1333d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1334d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1335d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1336d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1337d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1338d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1339d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1340d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1341d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1342d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1343d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1344d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1345d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1346d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1347d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1348d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1349d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1350d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1351d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1352d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1353d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1354d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1355d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1356d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1357d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1358d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1359d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1360d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
1361d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1362d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1363d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1364d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1365d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1366d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1367d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1368d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1369d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
1370d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
1371d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1372d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1373d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1374d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1375d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1376d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1377d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1378d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1379d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1380d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1381d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1382d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1383d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1384d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1385d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1386d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1387d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1388d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1389d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1390d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1391d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1392d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1393d314.9bd4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
1394d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1395d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1396d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1397d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1398d314.9bd4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1399d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1400d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1401d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1402d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1403d314.9bd4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1404d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1405d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1406d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1407d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1408d314.9bd4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
1409d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1410d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1411d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1412d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1413d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1414d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1415d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1416d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1417d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1418d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
1419d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
1420d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
1421d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1422d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1423d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1424d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1425d314.9bd4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1426d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1427d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1428d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1429d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1430d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1431d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1432d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1433d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1434d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1435d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1436d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1437d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1438d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1439d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1440d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1441d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll)
1442d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll
1443d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1444d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf56d0000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
1445d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1446d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf4900000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
1447d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1448d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf5540000 LB 0x00188000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
1449d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1450d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
1451d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
1452d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
1453d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
1454d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
1455d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf7980000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
1456d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1457d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf5720000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
1458d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbea700000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1459d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1460d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbcb130000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1461d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1462d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf49a0000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
1463d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
1464d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1465d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf7b20000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
1466d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1467d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf58d0000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
1468d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1469d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
1470d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
1471d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
1472d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1473d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf5870000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
1474d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1475d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf4650000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
1476d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1477d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1478d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
1479d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
1480d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf4600000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
1481d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1482d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
1483d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1484d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf4c00000 LB 0x006f2000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
1485d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1486d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
1487d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
1488d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
1489d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
1490d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
1491d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf6370000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
1492d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1493d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf8040000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
1494d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1495d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbe7090000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
1496d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1497d314.9bd4: supR3HardenedDllNotificationCallback: load 0000000052880000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1498d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1499d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffba2720000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1500d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1501d314.9bd4: supR3HardenedDllNotificationCallback: load 0000000052310000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1502d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1503d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbee940000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1504d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1505d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbecd90000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\COMCTL32.dll [fFlags=0x0]
1506d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll [avoiding WinVerifyTrust]
1507d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf7870000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
1508d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
1509d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbdc270000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1510d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1511d314.9bd4: supR3HardenedDllNotificationCallback: load 00000000522b0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1512d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1513d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf77b0000 LB 0x000c0000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
1514d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1515d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf0fc0000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1516d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1517d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf1020000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1518d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1519d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffba2d20000 LB 0x008ea000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1520d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1521d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
1522d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
1523d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
1524d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
1525d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
1526d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
1527d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
1528d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
1529d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
1530d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
1531d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1532d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1533d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll'.
1534d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll' [rescheduled]
1535d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1536d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
1537d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1538d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
1539d314.9bd4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1540d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
1541d314.9bd4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1542d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
1543d314.9bd4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1544d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1545d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1546d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1547d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1548d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1549d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1550d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1551d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1552d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1553d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1554d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
1555d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1556d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1557d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1558d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1559d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1560d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1561d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1562d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1563d314.9bd4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1564d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1565d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1566d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1567d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1568d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1569d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1570d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1571d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1572d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1573d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1574d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1575d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1576d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1577d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1578d314.9bd4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1579d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1580d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1581d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1582d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1583d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1584d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1585d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1586d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1587d314.9bd4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1588d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1589d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1590d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1591d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1592d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1593d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1594d314.9bd4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1595d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1596d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1597d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1598d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1599d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1600d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1601d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1602d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1603d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1604d314.9bd4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1605d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1606d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1607d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1608d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1609d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf62a0000 'C:\WINDOWS\System32\kernel32.dll'
1610d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1611d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf46b0000 'api-ms-win-core-string-l1-1-0'
1612d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1613d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf46b0000 'api-ms-win-core-datetime-l1-1-1'
1614d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1615d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf46b0000 'api-ms-win-core-localization-obsolete-l1-2-0'
1616d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1617d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1618d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
1619d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1620d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1621d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1622d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1623d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1624d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1625d314.9bd4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1626d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1627d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1628d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1629d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf56f0000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
1630d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1631d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf56f0000 'C:\WINDOWS\system32\IMM32.DLL'
1632d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1633d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1634d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1635d314.9bd4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1636d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
1637d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1638d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf56f0000 'C:\WINDOWS\System32\imm32.dll'
1639d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1640d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1641d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf61e0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
1642d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba2d20000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1643d314.9bd4: SUPR3HardenedMain: Calling TrustedMain (00007ffba2d21610)...
1644d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1645d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1646d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1647d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1648d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1649d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1650d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1651d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1652d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1653d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1654d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1655d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1656d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1657d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1658d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1659d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1660d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1661d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1662d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1663d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1664d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1665d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1666d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1667d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1668d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1669d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1670d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1671d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1672d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1673d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1674d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1675d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1676d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1677d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1678d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1679d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1680d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1681d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1682d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1683d314.9bd4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1684d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1685d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1686d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1687d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1688d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1689d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1690d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1691d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1692d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1693d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1694d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1695d314.9bd4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1696d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1697d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1698d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbb6b50000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1699d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1700d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb6b50000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1701d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006a0 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1702d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
1703d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
1704d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
1705d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1706d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1707d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1708d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1709d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1710d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
1711d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
1712d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1713d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1714d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1715d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1716d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1717d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1718d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1719d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1720d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1721d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1722d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1723d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf2d60000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
1724d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1725d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2d60000 'C:\WINDOWS\system32\uxtheme.dll'
1726d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5720000 'C:\WINDOWS\system32\user32.dll'
1727d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1728d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1729d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
1730d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
1731d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1732d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1733d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
1734d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1735d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf58d0000 'C:\WINDOWS\system32\SHCore.dll'
1736d314.9bd4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
1737d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1738d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
1739d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1740d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
1741d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
1742d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
1743d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
1744d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1745d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf03f0000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
1746d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
1747d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1748d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1749d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1750d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1751d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1752d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1753d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1754d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1755d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1756d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1757d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1758d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1759d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1760d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1761d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\system32\winmm.dll'
1762d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1763d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1764d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\system32\winmm.dll'
1765d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1766d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1767d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
1768d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1769d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1770d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2d60000 'C:\WINDOWS\system32\uxtheme.dll'
1771d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1772d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1773d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf61e0000 'C:\WINDOWS\system32\advapi32.dll'
1774d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1775d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1776d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
1777d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
1778d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
1779d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
1780d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1781d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1782d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1783d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1784d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1785d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1786d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1787d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1788d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf4530000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
1789d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1790d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4530000 'C:\WINDOWS\system32\userenv.dll'
1791d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1792d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1793d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf62a0000 'C:\WINDOWS\System32\kernel32.dll'
1794d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf6030000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
1795d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1796d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
1797d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
1798d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1799d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1800d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1801d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1802d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1803d314.c020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1804d314.c020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1805d314.c020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
1806d314.c020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1807d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1808d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1809d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1810d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1811d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1812d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1813d314.c020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
1814d314.c020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1815d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1816d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1817d314.c020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1818d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1819d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1820d314.c020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1821d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1822d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1823d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1824d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1825d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1826d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1827d314.c020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1828d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1829d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1830d314.c020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1831d314.c020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1832d314.c020: supR3HardenedDllNotificationCallback: load 00007ffba3a80000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1833d314.c020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1834d314.c020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba3a80000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1835d314.c020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1836d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1837d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1838d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1839d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
1840d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1841d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1842d314.c020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1843d314.c020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
1844d314.c020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1845d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1846d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1847d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1848d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1849d314.c020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1850d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1851d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1852d314.c020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1853d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1854d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1855d314.c020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
1856d314.c020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1857d314.c020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1858d314.c020: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1859d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1860d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1861d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1862d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1863d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1864d314.c020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1865d314.c020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1866d314.c020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1867d314.c020: supR3HardenedDllNotificationCallback: load 00007ffbca820000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
1868d314.c020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1869d314.c020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbca820000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
1870d314.c020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1871d314.c020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1872d314.c020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf77b0000 'C:\Windows\System32\oleaut32.dll'
1873d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1874d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1875d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7980000 'C:\WINDOWS\system32\gdi32.dll'
1876d314.d0cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1877d314.d0cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1878d314.d0cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1879d314.d0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1880d314.d0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1881d314.d0cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
1882d314.d0cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
1883d314.d0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1884d314.d0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1885d314.d0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1886d314.d0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1887d314.d0cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1888d314.d0cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
1889d314.d0cc: supR3HardenedDllNotificationCallback: load 00007ffbf1360000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
1890d314.d0cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
1891d314.d0cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1360000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
1892d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1893d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1894d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
1895d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf79b0000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
1896d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1897d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
1898d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
1899d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
1900d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
1901d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
1902d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
1903d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1904d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1905d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1906d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1907d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1908d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1909d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1910d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1911d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1912d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1913d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1914d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1915d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1916d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1917d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1918d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1919d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1920d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a38 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
1921d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
1922d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
1923d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
1924d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1925d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1926d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
1927d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1928d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1929d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
1930d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
1931d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
1932d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
1933d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
1934d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
1935d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
1936d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
1937d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1938d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1939d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1940d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1941d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
1942d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
1943d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
1944d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
1945d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1946d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1947d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1948d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1949d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1950d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1951d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1952d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1953d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
1954d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
1955d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
1956d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
1957d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1958d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1959d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1960d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1961d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1962d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1963d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
1964d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
1965d314.9bd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
1966d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1967d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
1968d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
1969d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
1970d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1971d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1972d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1973d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1974d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1975d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1976d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1977d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
1978d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
1979d314.9bd4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
1980d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
1981d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
1982d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1983d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1984d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1985d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1986d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
1987d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
1988d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
1989d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
1990d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf3470000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
1991d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
1992d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf1e90000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
1993d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
1994d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf0260000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
1995d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
1996d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbea0d0000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
1997d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
1998d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbea0d0000 'C:\WINDOWS\system32\dataexchange.dll'
1999d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2000d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2001d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
2002d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2003d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
2004d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
2005d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
2006d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
2007d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
2008d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf3040000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
2009d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2010d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2011d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2012d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2013d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2014d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2015d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2016d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2017d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2018d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2019d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2020d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2021d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2022d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
2023d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2024d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2025d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf79b0000 'C:\WINDOWS\System32\MSCTF.dll'
2026d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2027d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2028d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8040000 'C:\WINDOWS\System32\ole32.dll'
2029d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2030d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2031d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf77b0000 'C:\WINDOWS\System32\OLEAUT32.dll'
2032d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a28 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2033d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
2034d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
2035d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
2036d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2037d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2038d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2039d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2040d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2041d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2042d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2043d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2044d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2045d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2046d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2047d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a10 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2048d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
2049d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
2050d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
2051d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2052d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2053d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2054d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2055d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2056d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
2057d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
2058d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2059d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2060d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2061d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2062d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2063d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2064d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2065d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2066d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2067d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2068d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2069d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2070d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2071d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2072d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2073d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2074d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2075d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2076d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbe7ab0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2077d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2078d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbdf030000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2079d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2080d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2081d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf46b0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2082d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdf030000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2083d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2084d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
2085d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
2086d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
2087d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2088d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2089d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2090d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2091d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2092d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2093d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2094d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2095d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2096d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2097d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2098d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2099d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2100d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2101d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbe73c0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2102d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2103d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe73c0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2104d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2105d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf46b0000 'api-ms-win-core-localization-l1-2-0.dll'
2106d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2107d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf46b0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2108d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2109d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
2110d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
2111d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
2112d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2113d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2114d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2115d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2116d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2117d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2118d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2119d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2120d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2121d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2122d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2123d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2124d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2125d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2126d314.9bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2127d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbdd660000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2128d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2129d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd660000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2130d314.c990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2131d314.c990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2132d314.c990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2133d314.c990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2134d314.c990: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2135d314.c990: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2136d314.c990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2137d314.c990: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2138d314.c990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2139d314.c990: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2140d314.c990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2141d314.c990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2142d314.c990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2143d314.c990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2144d314.c990: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2145d314.c990: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2146d314.c990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2147d314.c990: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2148d314.c990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2149d314.c990: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2150d314.c990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2151d314.c990: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2152d314.c990: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2153d314.c990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2154d314.c990: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2155d314.c990: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2156d314.c990: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2157d314.c990: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2158d314.c990: supR3HardenedDllNotificationCallback: load 00000000521a0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2159d314.c990: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2160d314.c990: supR3HardenedDllNotificationCallback: load 00007ffba2460000 LB 0x002b5000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2161d314.c990: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2162d314.c990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba2460000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2163d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2164d314.cfb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2165d314.cfb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2166d314.cfb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2167d314.cfb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2168d314.cfb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2169d314.cfb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2170d314.cfb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2171d314.cfb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2172d314.cfb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2173d314.cfb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2174d314.cfb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2175d314.cfb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2176d314.cfb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2177d314.cfb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2178d314.cfb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2179d314.cfb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2180d314.cfb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2181d314.cfb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2182d314.cfb4: supR3HardenedDllNotificationCallback: load 00007ffbf1350000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2183d314.cfb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2184d314.cfb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1350000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2185d314.cfb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5720000 'C:\WINDOWS\system32\User32.dll'
2186d314.d6f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2187d314.d6f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2188d314.d6f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2189d314.d6f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2190d314.d6f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2191d314.d6f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2192d314.d6f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2193d314.d6f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2194d314.d6f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2195d314.d6f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2196d314.d6f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2197d314.d6f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2198d314.d6f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2199d314.d6f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2200d314.d6f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2201d314.d6f0: supR3HardenedDllNotificationCallback: load 00007ffbf1300000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2202d314.d6f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2203d314.d6f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1300000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2204d314.ce54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2205d314.ce54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2206d314.ce54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2207d314.ce54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2208d314.ce54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2209d314.ce54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2210d314.ce54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2211d314.ce54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2212d314.ce54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2213d314.ce54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2214d314.ce54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2215d314.ce54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2216d314.ce54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2217d314.ce54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2218d314.ce54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2219d314.ce54: supR3HardenedDllNotificationCallback: load 00007ffbf0d30000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2220d314.ce54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2221d314.ce54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf0d30000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2222d314.d538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2223d314.d538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2224d314.d538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2225d314.d538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2226d314.d538: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2227d314.d538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2228d314.d538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2229d314.d538: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2230d314.d538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2231d314.d538: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2232d314.d538: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2233d314.d538: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2234d314.d538: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2235d314.d538: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2236d314.d538: supR3HardenedDllNotificationCallback: load 00007ffbef1a0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2237d314.d538: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2238d314.d538: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbef1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2239d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\Shell32.dll'
2240d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2241d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2242d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba2460000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2243d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2244d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2245d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2246d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2247d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2248d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2249d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2250d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2251d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2252d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2253d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2254d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2255d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2256d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2257d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2258d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2259d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2260d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2261d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2262d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2263d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2264d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2265d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbcb0e0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2266d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2267d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcb0e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2268d314.5678: supR3HardenedDllNotificationCallback: Unload 00007ffbcb0e0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2269d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2270d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2271d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2272d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2273d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2274d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2275d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2276d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2277d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2278d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2279d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2280d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2281d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2282d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2283d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2284d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2285d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2286d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2287d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2288d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2289d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2290d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2291d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2292d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2293d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2294d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2295d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2296d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2297d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2298d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2299d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2300d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
2301d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
2302d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
2303d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2304d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2305d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2306d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2307d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2308d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2309d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2310d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
2311d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2312d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2313d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2314d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2315d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2316d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2317d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2318d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2319d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2320d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2321d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2322d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2323d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2324d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2325d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2326d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2327d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2328d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2329d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2330d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2331d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2332d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2333d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2334d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2335d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2336d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2337d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2338d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2339d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2340d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2341d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2342d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2343d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2344d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2345d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2346d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2347d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2348d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2349d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2350d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2351d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2352d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2353d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2354d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2355d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2356d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2357d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbf5b90000 LB 0x0043b000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
2358d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2359d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbdbfa0000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2360d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2361d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbcb0d0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2362d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2363d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbf3cb0000 LB 0x00037000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2364d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2365d314.5678: supR3HardenedDllNotificationCallback: load 00007ffba1ab0000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2366d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2367d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba1ab0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2368d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2369d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2370d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2371d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2372d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbcb080000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2373d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2374d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcb080000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2375d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2376d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2377d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2378d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba3a80000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2379d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2380d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2381d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2382d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcb0d0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2383d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2384d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2385d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2386d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2387d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2388d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2389d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2390d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2391d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2392d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2393d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2394d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2395d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbdd890000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2396d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2397d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd890000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2398d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2399d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2400d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2401d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2402d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2403d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2404d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2405d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2406d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2407d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2408d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2409d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2410d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbdd390000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2411d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2412d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd390000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2413d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2414d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2415d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2416d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2417d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2418d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2419d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2420d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2421d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2422d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2423d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2424d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2425d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbdcb90000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2426d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2427d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdcb90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2428d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2429d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2430d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2431d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2432d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2433d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2434d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2435d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2436d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2437d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2438d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2439d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2440d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbdc920000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2441d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2442d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdc920000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
2443d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2444d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2445d314.cd54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2446d314.cd54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2447d314.cd54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2448d314.cd54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2449d314.cd54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2450d314.cd54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2451d314.cd54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2452d314.cd54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2453d314.cd54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2454d314.cd54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2455d314.cd54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2456d314.cd54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2457d314.cd54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2458d314.cd54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2459d314.cd54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2460d314.cd54: supR3HardenedDllNotificationCallback: load 00007ffbf2ae0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2461d314.cd54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2462d314.cd54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2ae0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2463d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2464d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2465d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2466d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2467d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2468d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2469d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2470d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
2471d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2472d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2473d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2474d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2475d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2476d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2477d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2478d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2479d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2480d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2481d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2482d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2483d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2484d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2485d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbb88f0000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
2486d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2487d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb88f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
2488d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2489d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2490d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3cb0000 'C:\WINDOWS\system32\Iphlpapi.dll'
2491d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2492d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2493d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
2494d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2495d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbf6290000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2496d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
2497d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2498d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbeb420000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2499d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2500d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2501d314.5678: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
2502d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2503d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbeb340000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
2504d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
2505d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2506d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2507d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
2508d314.5678: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
2509d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2510d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbeb320000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
2511d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
2512d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e30 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2513d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
2514d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
2515d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD77C0B8420B1E0725E0BAACB8F1F2821C7C9053
2516d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2517d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2518d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2519d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2520d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2521d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2522d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2523d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2524d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2525d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2526d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2527d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2528d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2529d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2530d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2531d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2532d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2533d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
2534d314.5678: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2535d314.5678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
2536d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d50 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2537d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
2538d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
2539d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0462C999B5398941A444B13399F1AFCF2D9BD7ED
2540d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2541d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2542d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2543d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2544d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
2545d314.5678: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2546d314.5678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
2547d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2548d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2549d314.5678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
2550d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2551d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2552d314.5678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2553d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e24 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
2554d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
2555d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
2556d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAF92974128C211D90A77B3D2A8F3BAD364910A5
2557d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2558d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2559d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
2560d314.5678: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2561d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2562d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'winmm.dll'.
2563d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
2564d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
2565d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2566d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2567d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2568d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2569d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2570d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2571d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2572d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbb66c0000 LB 0x0008c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
2573d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2574d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2575d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2576d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb66c0000 'C:\WINDOWS\System32\dsound.dll'
2577d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb66c0000 'C:\WINDOWS\System32\dsound.dll'
2578d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2579d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2580d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb66c0000 'C:\WINDOWS\system32\dsound.dll'
2581d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2582d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2583d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2584d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2585d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'.
2586d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
2587d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2588d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2589d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2590d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2591d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2592d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2593d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2594d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
2595d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2596d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
2597d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2598d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2599d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2600d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2601d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2602d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2603d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2604d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2605d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2606d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2607d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2608d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2609d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'.
2610d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
2611d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
2612d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2613d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2614d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2615d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2616d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2617d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2618d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
2619d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2620d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2621d314.5678: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
2622d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2623d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2624d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
2625d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2626d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbf3010000 LB 0x00028000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
2627d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
2628d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbf0530000 LB 0x00196000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
2629d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2630d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbeb630000 LB 0x00067000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
2631d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2632d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeb630000 'C:\WINDOWS\System32\MMDevApi.dll'
2633d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2634d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2635d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeb630000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
2636d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2637d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2638d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\System32\winmm.dll'
2639d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f0c pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2640d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
2641d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
2642d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70FC7883505DC83E14C72C8984C7562A04A6C6F0
2643d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2644d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2645d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_935_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
2646d314.5678: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2647d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2648d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
2649d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'ksuser.dll'.
2650d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'avrt.dll'.
2651d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
2652d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2653d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
2654d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
2655d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2656d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2657d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
2658d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
2659d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
2660d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
2661d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2662d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2663d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2664d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
2665d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2666d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2667d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2668d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2669d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2670d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2671d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2672d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2673d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2674d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2675d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2676d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2677d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbea580000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
2678d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2679d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbf1410000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
2680d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2681d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbdfd90000 LB 0x00041000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
2682d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2683d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfd90000 'C:\WINDOWS\System32\wdmaud.drv'
2684d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2685d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2686d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfd90000 'C:\WINDOWS\System32\wdmaud.drv'
2687d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2688d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2689d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfd90000 'C:\WINDOWS\System32\wdmaud.drv'
2690d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2691d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2692d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfd90000 'C:\WINDOWS\System32\wdmaud.drv'
2693d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2694d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2695d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfd90000 'C:\WINDOWS\System32\wdmaud.drv'
2696d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2697d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2698d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2699d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
2700d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
2701d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'mmdevapi.dll'.
2702d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'avrt.dll'.
2703d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
2704d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2705d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
2706d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
2707d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2708d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2709d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2710d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2711d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2712d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2713d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2714d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2715d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2716d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2717d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
2718d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2719d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2720d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
2721d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
2722d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
2723d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
2724d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
2725d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbf2460000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
2726d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
2727d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbeac00000 LB 0x00105000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
2728d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2729d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeac00000 'C:\WINDOWS\System32\AUDIOSES.DLL'
2730d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2731d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2732d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
2733d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2734d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2735d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2736d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2737d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2738d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2739d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2740d314.5678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
2741d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2742d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2743d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfd90000 'C:\WINDOWS\System32\wdmaud.drv'
2744d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2745d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2746d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfd90000 'C:\WINDOWS\System32\wdmaud.drv'
2747d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfd90000 'C:\WINDOWS\System32\wdmaud.drv'
2748d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d44 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
2749d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
2750d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
2751d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=244FFD3779BB26E481FDDE1BCB7D66CB70669BE2
2752d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2753d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2754d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
2755d314.5678: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2756d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2757d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'mmdevapi.dll'.
2758d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
2759d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmmbase.dll'.
2760d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
2761d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2762d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
2763d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
2764d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
2765d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2766d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2767d314.5678: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
2768d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
2769d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
2770d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2771d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2772d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2773d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
2774d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2775d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2776d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2777d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2778d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2779d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2780d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2781d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2782d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2783d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2784d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2785d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbdc9d0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
2786d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2787d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbe7260000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
2788d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2789d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7260000 'C:\WINDOWS\System32\msacm32.drv'
2790d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2791d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2792d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7260000 'C:\WINDOWS\System32\msacm32.drv'
2793d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2794d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2795d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7260000 'C:\WINDOWS\System32\msacm32.drv'
2796d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2797d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2798d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7260000 'C:\WINDOWS\System32\msacm32.drv'
2799d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2800d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2801d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7260000 'C:\WINDOWS\System32\msacm32.drv'
2802d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2803d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2804d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7260000 'C:\WINDOWS\System32\msacm32.drv'
2805d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2806d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2807d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7260000 'C:\WINDOWS\System32\msacm32.drv'
2808d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7260000 'C:\WINDOWS\System32\msacm32.drv'
2809d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7260000 'C:\WINDOWS\System32\msacm32.drv'
2810d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7260000 'C:\WINDOWS\System32\msacm32.drv'
2811d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e08 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
2812d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
2813d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
2814d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B59112F98815E2A8A155F681ED15AB1991951589
2815d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2816d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2817d314.5678: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
2818d314.5678: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2819d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2820d314.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
2821d314.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
2822d314.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
2823d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2824d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2825d314.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2826d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2827d314.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2828d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2829d314.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2830d314.5678: supR3HardenedDllNotificationCallback: load 00007ffbe6d30000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
2831d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2832d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6d30000 'C:\WINDOWS\System32\midimap.dll'
2833d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2834d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2835d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6d30000 'C:\WINDOWS\System32\midimap.dll'
2836d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2837d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2838d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6d30000 'C:\WINDOWS\System32\midimap.dll'
2839d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2840d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2841d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6d30000 'C:\WINDOWS\System32\midimap.dll'
2842d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\System32\winmm.dll'
2843d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\System32\winmm.dll'
2844d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\System32\winmm.dll'
2845d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\System32\winmm.dll'
2846d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\System32\winmm.dll'
2847d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\System32\winmm.dll'
2848d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2849d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2850d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb66c0000 'C:\WINDOWS\system32\dsound.dll'
2851d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\System32\winmm.dll'
2852d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2853d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2854d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\System32\winmm.dll'
2855d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\System32\winmm.dll'
2856d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\System32\winmm.dll'
2857d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2858d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2859d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb66c0000 'C:\WINDOWS\system32\dsound.dll'
2860d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1020000 'C:\WINDOWS\System32\winmm.dll'
2861d314.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2862d314.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2863d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba2460000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2864d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2865d314.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2866d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2867d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
2868d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
2869d314.9bd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
2870d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
2871d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2872d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
2873d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
2874d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
2875d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
2876d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2877d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2878d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
2879d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
2880d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
2881d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
2882d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2883d314.9bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2884d314.9bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\usermgrcli.dll)
2885d314.9bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usermgrcli.dll
2886d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf3960000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
2887d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
2888d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf0440000 LB 0x000e3000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
2889d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
2890d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbf0390000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0]
2891d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\usermgrcli.dll [avoiding WinVerifyTrust]
2892d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbecff0000 LB 0x002d2000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
2893d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
2894d314.9bd4: supR3HardenedDllNotificationCallback: load 00007ffbebe90000 LB 0x00082000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
2895d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
2896d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2897d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2898d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2899d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2900d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2901d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2902d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2903d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2904d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2905d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2906d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2907d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2908d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2909d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2910d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2911d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2912d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2913d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2914d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2915d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
2916d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
2917d314.9bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
2918d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2919d314.9bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2920d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2921d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2922d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usermgrcli.dll'
2923d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2924d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2925d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
2926d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2927d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2928d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2929d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2930d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
2931d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2932d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2933d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
2934d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001154 pwszName=\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
2935d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
2936d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
2937d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D9F6A1B151CF57E6DCA07996124AC68D7674C81
2938d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2939d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2940d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-InputService-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
2941d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2942d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
2943d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2944d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2945d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2946d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2947d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2948d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2949d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf77b0000 'C:\WINDOWS\System32\OLEAUT32.DLL'
2950d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2951d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5720000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
2952d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2953d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5720000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
2954d314.9bd4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
2955d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\secruntime.dll (Input=secruntime.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2956d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\secruntime.dll'
2957d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2958d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7b20000 'api-ms-win-core-com-l1-1-1.dll'
2959d314.9bd4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
2960d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\secruntime.dll (Input=secruntime.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2961d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\secruntime.dll'
2962d314.9bd4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
2963d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\secruntime.dll (Input=secruntime.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2964d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\secruntime.dll'
2965d314.9bd4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
2966d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\secruntime.dll (Input=secruntime.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2967d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\secruntime.dll'
2968d314.9bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2969d314.9bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2970d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2971d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2972d314.8170: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
2973d314.8170: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
2974d314.8170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
2975d314.8170: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
2976d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001110 pwszName=\Device\HarddiskVolume2\Windows\System32\tzres.dll
2977d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
2978d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
2979d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8867A3D506FE23E5881B28A9F704179D1A9B603A
2980d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2981d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2982d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_733_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\Device\HarddiskVolume2\Windows\System32\tzres.dll'
2983d314.9bd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2984d314.9bd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll'
2985d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2986d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2987d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2988d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2989d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2990d314.9bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6370000 'C:\WINDOWS\system32\shell32.dll'
2991d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
2992d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf49f0000 'C:\Windows\System32\WINTRUST.DLL'
2993d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\CRYPT32.dll'
2994d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
2995d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2996d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2997d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'combase.dll'.
2998d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\OneCoreUAPCommonProxyStub.dll) WinVerifyTrust
2999d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\OneCoreUAPCommonProxyStub.dll
3000d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3001d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3002d314.cc40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
3003d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3004d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3005d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3006d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3007d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OneCoreUAPCommonProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3008d314.cc40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\OneCoreUAPCommonProxyStub.dll
3009d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbeb7e0000 LB 0x00531000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [fFlags=0x0]
3010d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\OneCoreUAPCommonProxyStub.dll
3011d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeb7e0000 'C:\Windows\System32\OneCoreUAPCommonProxyStub.dll'
3012d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3013d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'iertutil.dll'.
3014d314.cc40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\urlmon.dll)
3015d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\urlmon.dll
3016d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3017d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\iertutil.dll)
3018d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\iertutil.dll
3019d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbe9560000 LB 0x0028a000 C:\WINDOWS\SYSTEM32\iertutil.dll [fFlags=0x0]
3020d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
3021d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbe8950000 LB 0x001c7000 C:\WINDOWS\SYSTEM32\urlmon.dll [fFlags=0x0]
3022d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\urlmon.dll [avoiding WinVerifyTrust]
3023d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3024d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3025d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
3026d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume2\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
3027d314.cc40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll [lacks WinVerifyTrust]
3028d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3029d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3030d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3031d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3032d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\iertutil.dll'
3033d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010fc pwszName=\Device\HarddiskVolume2\Windows\System32\urlmon.dll
3034d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
3035d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
3036d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=054F555EA04C9D2F2D658F13C6AB78597960B8E8
3037d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3038d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3039d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1228_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\Device\HarddiskVolume2\Windows\System32\urlmon.dll'
3040d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3041d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\urlmon.dll'
3042d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5720000 'C:\WINDOWS\System32\user32.dll'
3043d314.4bc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000126c pwszName=\Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
3044d314.4bc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
3045d314.4bc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
3046d314.4bc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=10A33EB8E383018F3802E998686D401E15235D4D
3047d314.4bc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3048d314.4bc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3049d314.4bc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll'
3050d314.4bc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3051d314.4bc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3052d314.4bc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
3053d314.4bc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll) WinVerifyTrust
3054d314.4bc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
3055d314.4bc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3056d314.4bc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3057d314.4bc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
3058d314.4bc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3059d314.4bc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3060d314.4bc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3061d314.4bc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
3062d314.4bc8: supR3HardenedDllNotificationCallback: load 00007ffbcb7b0000 LB 0x0001a000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll [fFlags=0x0]
3063d314.4bc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
3064d314.4bc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcb7b0000 'C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll'
3065d314.4bc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
3066d314.4bc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WinTypes.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3067d314.4bc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2460000 'C:\Windows\System32\WinTypes.dll'
3068d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'.
3069d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
3070d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
3071d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'gdi32.dll'.
3072d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'user32.dll'.
3073d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
3074d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
3075d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'shell32.dll'.
3076d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'iertutil.dll'.
3077d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
3078d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'netapi32.dll'.
3079d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'version.dll'.
3080d314.cc40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ieframe.dll)
3081d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
3082d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012b8 pwszName=\Device\HarddiskVolume2\Windows\System32\ieframe.dll
3083d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
3084d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
3085d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=314C8E5BB2FE970FB2A2C36B79AB56D31C566AD3
3086d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
3087d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
3088d314.cc40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
3089d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3090d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll)
3091d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
3092d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
3093d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
3094d314.cc40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\netapi32.dll'.
3095d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3096d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netapi32.dll)
3097d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netapi32.dll
3098d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3099d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3100d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
3101d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume2\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
3102d314.cc40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll
3103d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
3104d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
3105d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3106d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3107d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3108d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3109d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3110d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3111d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3112d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3113d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3114d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3115d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3116d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3117d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
3118d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
3119d314.cc40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
3120d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3121d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3122d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3123d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3124d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3125d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3126d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1773_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\Device\HarddiskVolume2\Windows\System32\ieframe.dll'
3127d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3128d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ieframe.dll'
3129d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3130d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3131d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\netapi32.dll'
3132d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3133d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3134d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll'
3135d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ieframe.dll
3136d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ieframe.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3137d314.cc40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ieframe.dll
3138d314.cc40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll
3139d314.cc40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
3140d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp110_win.dll'.
3141d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
3142d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
3143d314.cc40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dsreg.dll)
3144d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsreg.dll
3145d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3146d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll)
3147d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll
3148d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netutils.dll)
3149d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netutils.dll
3150d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
3151d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
3152d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wkscli.dll)
3153d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
3154d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbe6d10000 LB 0x00017000 C:\Windows\System32\NETAPI32.dll [fFlags=0x0]
3155d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll
3156d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbde290000 LB 0x0000a000 C:\Windows\System32\VERSION.dll [fFlags=0x0]
3157d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
3158d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbf2970000 LB 0x0008f000 C:\Windows\System32\msvcp110_win.dll [fFlags=0x0]
3159d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll [avoiding WinVerifyTrust]
3160d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbeb110000 LB 0x0008e000 C:\Windows\System32\DSREG.DLL [fFlags=0x0]
3161d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dsreg.dll [avoiding WinVerifyTrust]
3162d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbf3da0000 LB 0x0000d000 C:\Windows\System32\NETUTILS.DLL [fFlags=0x0]
3163d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netutils.dll [avoiding WinVerifyTrust]
3164d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbf0420000 LB 0x00016000 C:\Windows\System32\WKSCLI.DLL [fFlags=0x0]
3165d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wkscli.dll [avoiding WinVerifyTrust]
3166d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbbf770000 LB 0x00c3e000 C:\Windows\System32\ieframe.dll [fFlags=0x0]
3167d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ieframe.dll
3168d314.cc40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\wkscli.dll'.
3169d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\wkscli.dll' [rescheduled]
3170d314.cc40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\netutils.dll'.
3171d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\netutils.dll' [rescheduled]
3172d314.cc40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll'.
3173d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll' [rescheduled]
3174d314.cc40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dsreg.dll'.
3175d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dsreg.dll' [rescheduled]
3176d314.cc40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2\comctl32.dll'.
3177d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3178d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
3179d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
3180d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2\comctl32.dll)
3181d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2\comctl32.dll
3182d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3183d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3184d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3185d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3186d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3187d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3188d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3189d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3190d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
3191d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
3192d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3193d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3194d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3195d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3196d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3197d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3198d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp110_win.dll'...
3199d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp110_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll' [rcNtRedir=0xc0150008]
3200d314.cc40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll [redoing WinVerifyTrust]
3201d314.cc40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll'.
3202d314.cc40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll
3203d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
3204d314.cc40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2\comctl32.dll [avoiding WinVerifyTrust]
3205d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbde300000 LB 0x00267000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2\comctl32.dll [fFlags=0x0]
3206d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2\comctl32.dll [avoiding WinVerifyTrust]
3207d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde300000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2\comctl32.dll'
3208d314.cc40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2\comctl32.dll'.
3209d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2\comctl32.dll' [rescheduled]
3210d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbf770000 'C:\Windows\System32\ieframe.dll'
3211d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
3212d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\PROPSYS.dll (Input=PROPSYS.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3213d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf0530000 'C:\WINDOWS\System32\PROPSYS.dll'
3214d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
3215d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3216d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf0530000 'C:\WINDOWS\system32\propsys.dll'
3217d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-ole32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3218d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7b20000 'api-ms-win-downlevel-ole32-l1-1-0.dll'
3219d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3220d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
3221d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'oleaut32.dll'.
3222d314.cc40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\edputil.dll)
3223d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\edputil.dll
3224d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbdf9f0000 LB 0x00044000 C:\WINDOWS\SYSTEM32\edputil.dll [fFlags=0x0]
3225d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\edputil.dll [avoiding WinVerifyTrust]
3226d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000132c pwszName=\Device\HarddiskVolume2\Windows\System32\edputil.dll
3227d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
3228d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
3229d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F63BC86D4CF6BDFBA6973D11E2859FC307878DE
3230d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3231d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3232d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3233d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3234d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3235d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3236d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3237d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3238d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1228_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\Device\HarddiskVolume2\Windows\System32\edputil.dll'
3239d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3240d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\edputil.dll'
3241d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001354 pwszName=\Device\HarddiskVolume2\Windows\System32\secur32.dll
3242d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
3243d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
3244d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=36EF7B1ECD45479CD8E54E61BB9F6FC0D6C135A8
3245d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3246d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3247d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\secur32.dll'
3248d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3249d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\secur32.dll) WinVerifyTrust
3250d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\secur32.dll
3251d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\Secur32.dll (Input=Secur32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3252d314.cc40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll
3253d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbdf040000 LB 0x0000c000 C:\WINDOWS\System32\Secur32.dll [fFlags=0x0]
3254d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll
3255d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdf040000 'C:\WINDOWS\System32\Secur32.dll'
3256d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3257d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sspicli.dll)
3258d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
3259d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbf4500000 LB 0x00030000 C:\WINDOWS\SYSTEM32\SSPICLI.DLL [fFlags=0x0]
3260d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sspicli.dll [avoiding WinVerifyTrust]
3261d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3262d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3263d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3264d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3265d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sspicli.dll'
3266d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sspicli.dll
3267d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\sspicli.dll (Input=sspicli.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3268d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4500000 'C:\WINDOWS\System32\sspicli.dll'
3269d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000013e4 pwszName=\Device\HarddiskVolume2\Windows\System32\mlang.dll
3270d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
3271d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
3272d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA4EC695EFC7AD7A76B0A4951714BE7551DFBD5C
3273d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3274d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3275d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\mlang.dll'
3276d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3277d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3278d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mlang.dll) WinVerifyTrust
3279d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mlang.dll
3280d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3281d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3282d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MLANG.dll (Input=MLANG.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3283d314.cc40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mlang.dll
3284d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbdd290000 LB 0x0003f000 C:\WINDOWS\System32\MLANG.dll [fFlags=0x0]
3285d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mlang.dll
3286d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd290000 'C:\WINDOWS\System32\MLANG.dll'
3287d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-shlwapi-l2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3288d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf58d0000 'api-ms-win-downlevel-shlwapi-l2-1-0.dll'
3289d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000013d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wininet.dll
3290d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
3291d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
3292d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7A7579F25FA9C6D33EC0713FA0EE672565364CE3
3293d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3294d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3295d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1228_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\Device\HarddiskVolume2\Windows\System32\wininet.dll'
3296d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3297d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3298d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wininet.dll) WinVerifyTrust
3299d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wininet.dll
3300d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3301d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3302d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WININET.dll (Input=WININET.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3303d314.cc40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wininet.dll
3304d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbe83d0000 LB 0x0032e000 C:\WINDOWS\System32\WININET.dll [fFlags=0x0]
3305d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wininet.dll
3306d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe83d0000 'C:\WINDOWS\System32\WININET.dll'
3307d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\windows.storage.dll [redoing WinVerifyTrust]
3308d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3309d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3310d314.cc40: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'
3311d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3312d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4c00000 'C:\WINDOWS\system32\windows.storage.dll'
3313d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'chrome_elf.dll'.
3314d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
3315d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'psapi.dll'.
3316d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
3317d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3318d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
3319d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'winmm.dll'.
3320d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'userenv.dll'.
3321d314.cc40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'winhttp.dll'.
3322d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe)
3323d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe
3324d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winhttp.dll'...
3325d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'winhttp.dll' -> '\Device\HarddiskVolume2\Windows\System32\winhttp.dll' [rcNtRedir=0xc0150008]
3326d314.cc40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winhttp.dll'.
3327d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winhttp.dll)
3328d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winhttp.dll
3329d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
3330d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
3331d314.cc40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
3332d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3333d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3334d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
3335d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
3336d314.cc40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
3337d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3338d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3339d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
3340d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
3341d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
3342d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
3343d314.cc40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\psapi.dll'.
3344d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll)
3345d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
3346d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3347d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3348d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'chrome_elf.dll'...
3349d314.cc40: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'chrome_elf.dll'
3350d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3351d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3352d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd080000 'C:\Windows\System32\cryptnet.dll'
3353d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe'
3354d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3355d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3356d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\psapi.dll'
3357d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3358d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3359d314.cc40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winhttp.dll'
3360d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3361d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3362d314.cc40: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3363d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) WinVerifyTrust
3364d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3365d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3366d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\WINDOWS\System32\ntdll.dll'
3367d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001394 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
3368d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000108fa90
3369d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000108fa90
3370d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FFB70A4D61A062B2E16B0EA8C26E7B98F4D73F70
3371d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3b30000 'C:\WINDOWS\system32\rsaenh.dll'
3372d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5370000 'C:\WINDOWS\System32\crypt32.dll'
3373d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_962_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
3374d314.cc40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3375d314.cc40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
3376d314.cc40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3377d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3378d314.cc40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3379d314.cc40: supR3HardenedDllNotificationCallback: load 00007ffbf1a80000 LB 0x0007e000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
3380d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3381d314.cc40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3382d314.cc40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3383d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\WINDOWS\System32\ntdll.dll'
3384d314.cc40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\WINDOWS\system32\apphelp.dll'
3385d314.cc40: supR3HardenedDllNotificationCallback: Unload 00007ffbbf770000 LB 0x00c3e000 C:\Windows\System32\ieframe.dll [flags=0x0]
3386d314.cc40: supR3HardenedDllNotificationCallback: Unload 00007ffbe6d10000 LB 0x00017000 C:\Windows\System32\NETAPI32.dll [flags=0x0]
3387d314.cc40: supR3HardenedDllNotificationCallback: Unload 00007ffbde290000 LB 0x0000a000 C:\Windows\System32\VERSION.dll [flags=0x0]
3388d314.cc40: supR3HardenedDllNotificationCallback: Unload 00007ffbeb110000 LB 0x0008e000 C:\Windows\System32\DSREG.DLL [flags=0x0]
3389d314.cc40: supR3HardenedDllNotificationCallback: Unload 00007ffbf2970000 LB 0x0008f000 C:\Windows\System32\msvcp110_win.dll [flags=0x0]
3390d314.cc40: supR3HardenedDllNotificationCallback: Unload 00007ffbf3da0000 LB 0x0000d000 C:\Windows\System32\NETUTILS.DLL [flags=0x0]
3391d314.cc40: supR3HardenedDllNotificationCallback: Unload 00007ffbf0420000 LB 0x00016000 C:\Windows\System32\WKSCLI.DLL [flags=0x0]
3392d314.cd54: supR3HardenedDllNotificationCallback: Unload 00007ffbf2ae0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
3393d314.d538: supR3HardenedDllNotificationCallback: Unload 00007ffbef1a0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
3394d314.ce54: supR3HardenedDllNotificationCallback: Unload 00007ffbf0d30000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
3395d314.d6f0: supR3HardenedDllNotificationCallback: Unload 00007ffbf1300000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
3396d314.cfb4: supR3HardenedDllNotificationCallback: Unload 00007ffbf1350000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
3397d314.5678: supR3HardenedDllNotificationCallback: Unload 00007ffbdc920000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
3398d314.5678: supR3HardenedDllNotificationCallback: Unload 00007ffbdcb90000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
3399d314.5678: supR3HardenedDllNotificationCallback: Unload 00007ffbdd390000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
3400d314.5678: supR3HardenedDllNotificationCallback: Unload 00007ffbdd890000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
3401d314.5678: supR3HardenedDllNotificationCallback: Unload 00007ffbcb080000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
3402d314.5678: supR3HardenedDllNotificationCallback: Unload 00007ffba1ab0000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
3403d314.5678: supR3HardenedDllNotificationCallback: Unload 00007ffbdbfa0000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
3404d314.5678: supR3HardenedDllNotificationCallback: Unload 00007ffbcb0d0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
3405d314.5678: supR3HardenedDllNotificationCallback: Unload 00007ffbf5b90000 LB 0x0043b000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
3406d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbf1360000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
3407d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbe73c0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
3408d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbea0d0000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
3409d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbf1e90000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
3410d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbf3470000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
3411d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbf0260000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
3412d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbf3040000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
3413d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbdd660000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
3414d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbca820000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
3415d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbcb7b0000 LB 0x0001a000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll [flags=0x0]
3416d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbeb7e0000 LB 0x00531000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [flags=0x0]
3417d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbdf030000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
3418d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffbe7ab0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
3419d314.9bd4: supR3HardenedDllNotificationCallback: Unload 00007ffba3a80000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
3420d314.9bd4: Terminating the normal way: rcExit=0
3421cf5c.d324: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 379112 ms, the end);
3422d69c.1224: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 379951 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy