VirtualBox

Ticket #16936: VBoxHardening.log

File VBoxHardening.log, 359.3 KB (added by declay, 7 years ago)

VBox Hardening

Line 
11624.12b4: Log file opened: 5.1.24r117012 g_hStartupLog=000000000000005c g_uNtVerCombined=0xa0383900
21624.12b4: \SystemRoot\System32\ntdll.dll:
31624.12b4: CreationTime: 2017-07-20T17:57:44.826378500Z
41624.12b4: LastWriteTime: 2017-06-21T07:52:00.368940000Z
51624.12b4: ChangeTime: 2017-07-21T00:11:50.652535800Z
61624.12b4: FileAttributes: 0x20
71624.12b4: Size: 0x1cc888
81624.12b4: NT Headers: 0xd8
91624.12b4: Timestamp: 0x594a1350
101624.12b4: Machine: 0x8664 - amd64
111624.12b4: Timestamp: 0x594a1350
121624.12b4: Image Version: 10.0
131624.12b4: SizeOfImage: 0x1d1000 (1904640)
141624.12b4: Resource Dir: 0x168000 LB 0x67988
151624.12b4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
161624.12b4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)]
171624.12b4: ProductName: Microsoft® Windows® Operating System
181624.12b4: ProductVersion: 10.0.14393.1378
191624.12b4: FileVersion: 10.0.14393.1378 (rs1_release.170620-2008)
201624.12b4: FileDescription: NT Layer DLL
211624.12b4: \SystemRoot\System32\kernel32.dll:
221624.12b4: CreationTime: 2017-07-20T17:56:36.357325700Z
231624.12b4: LastWriteTime: 2017-04-28T00:49:43.332433600Z
241624.12b4: ChangeTime: 2017-07-21T00:11:32.027450400Z
251624.12b4: FileAttributes: 0x20
261624.12b4: Size: 0xab208
271624.12b4: NT Headers: 0xf0
281624.12b4: Timestamp: 0x59028368
291624.12b4: Machine: 0x8664 - amd64
301624.12b4: Timestamp: 0x59028368
311624.12b4: Image Version: 10.0
321624.12b4: SizeOfImage: 0xac000 (704512)
331624.12b4: Resource Dir: 0xaa000 LB 0x530
341624.12b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
351624.12b4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)]
361624.12b4: ProductName: Microsoft® Windows® Operating System
371624.12b4: ProductVersion: 10.0.14393.1198
381624.12b4: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
391624.12b4: FileDescription: Windows NT BASE API Client DLL
401624.12b4: \SystemRoot\System32\KernelBase.dll:
411624.12b4: CreationTime: 2017-07-20T17:58:43.248494600Z
421624.12b4: LastWriteTime: 2017-06-21T07:52:57.971613700Z
431624.12b4: ChangeTime: 2017-07-21T00:11:47.715048700Z
441624.12b4: FileAttributes: 0x20
451624.12b4: Size: 0x21c780
461624.12b4: NT Headers: 0xf8
471624.12b4: Timestamp: 0x594a146b
481624.12b4: Machine: 0x8664 - amd64
491624.12b4: Timestamp: 0x594a146b
501624.12b4: Image Version: 10.0
511624.12b4: SizeOfImage: 0x21d000 (2215936)
521624.12b4: Resource Dir: 0x201000 LB 0x550
531624.12b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
541624.12b4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)]
551624.12b4: ProductName: Microsoft® Windows® Operating System
561624.12b4: ProductVersion: 10.0.14393.1378
571624.12b4: FileVersion: 10.0.14393.1378 (rs1_release.170620-2008)
581624.12b4: FileDescription: Windows NT BASE API Client DLL
591624.12b4: \SystemRoot\System32\apisetschema.dll:
601624.12b4: CreationTime: 2016-07-16T11:42:21.577586000Z
611624.12b4: LastWriteTime: 2016-07-16T11:42:21.577586000Z
621624.12b4: ChangeTime: 2017-07-20T16:00:33.466798000Z
631624.12b4: FileAttributes: 0x20
641624.12b4: Size: 0x18960
651624.12b4: NT Headers: 0xc8
661624.12b4: Timestamp: 0x57899bd2
671624.12b4: Machine: 0x8664 - amd64
681624.12b4: Timestamp: 0x57899bd2
691624.12b4: Image Version: 10.0
701624.12b4: SizeOfImage: 0x19000 (102400)
711624.12b4: Resource Dir: 0x18000 LB 0x400
721624.12b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
731624.12b4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
741624.12b4: ProductName: Microsoft® Windows® Operating System
751624.12b4: ProductVersion: 10.0.14393.0
761624.12b4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
771624.12b4: FileDescription: ApiSet Schema DLL
781624.12b4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
791624.12b4: supR3HardenedWinFindAdversaries: 0x0
801624.12b4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
811624.12b4: Calling main()
821624.12b4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
831624.12b4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
841624.12b4: SUPR3HardenedMain: Respawn #1
851624.12b4: System32: \Device\HarddiskVolume2\Windows\System32
861624.12b4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
871624.12b4: KnownDllPath: C:\Windows\System32
881624.12b4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
891624.12b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
901624.12b4: supR3HardNtEnableThreadCreation:
911624.12b4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd5b499fa0 pvNtTerminateThread=00007ffd5b4c6b30
921624.12b4: supR3HardenedWinDoReSpawn(1): New child dc0.13f0 [kernel32].
931624.12b4: supR3HardNtChildGatherData: PebBaseAddress=0000000000485000 cbPeb=0x388
941624.12b4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd5b420000 uNtDllChildAddr=00007ffd5b420000
951624.12b4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd5b499fa0
961624.12b4: supR3HardenedWinSetupChildInit: Start child.
971624.12b4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
981624.12b4: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 29 sleeps
991624.12b4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1001624.12b4: *0000000000000000-00000000002affff 0x0001/0x0000 0x0000000
1011624.12b4: *00000000002b0000-00000000002cffff 0x0004/0x0004 0x0020000
1021624.12b4: *00000000002d0000-00000000002e5fff 0x0002/0x0002 0x0040000
1031624.12b4: 00000000002e6000-00000000002effff 0x0001/0x0000 0x0000000
1041624.12b4: *00000000002f0000-00000000003eafff 0x0000/0x0004 0x0020000
1051624.12b4: 00000000003eb000-00000000003edfff 0x0104/0x0004 0x0020000
1061624.12b4: 00000000003ee000-00000000003effff 0x0004/0x0004 0x0020000
1071624.12b4: *00000000003f0000-00000000003f3fff 0x0002/0x0002 0x0040000
1081624.12b4: 00000000003f4000-00000000003fffff 0x0001/0x0000 0x0000000
1091624.12b4: *0000000000400000-0000000000484fff 0x0000/0x0004 0x0020000
1101624.12b4: 0000000000485000-0000000000487fff 0x0004/0x0004 0x0020000
1111624.12b4: 0000000000488000-00000000005fffff 0x0000/0x0004 0x0020000
1121624.12b4: *0000000000600000-0000000000601fff 0x0004/0x0004 0x0020000
1131624.12b4: 0000000000602000-000000007ffdffff 0x0001/0x0000 0x0000000
1141624.12b4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1151624.12b4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1161624.12b4: 000000007fff0000-00007ff6cf3fffff 0x0001/0x0000 0x0000000
1171624.12b4: *00007ff6cf400000-00007ff6cf422fff 0x0002/0x0002 0x0040000
1181624.12b4: 00007ff6cf423000-00007ff6cf92ffff 0x0001/0x0000 0x0000000
1191624.12b4: *00007ff6cf930000-00007ff6cf930fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1201624.12b4: 00007ff6cf931000-00007ff6cf9a0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1211624.12b4: 00007ff6cf9a1000-00007ff6cf9a1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1221624.12b4: 00007ff6cf9a2000-00007ff6cf9e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1231624.12b4: 00007ff6cf9e8000-00007ff6cf9e8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1241624.12b4: 00007ff6cf9e9000-00007ff6cf9e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1251624.12b4: 00007ff6cf9ea000-00007ff6cf9eefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1261624.12b4: 00007ff6cf9ef000-00007ff6cf9effff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1271624.12b4: 00007ff6cf9f0000-00007ff6cf9f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1281624.12b4: 00007ff6cf9f1000-00007ff6cf9f4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1291624.12b4: 00007ff6cf9f5000-00007ff6cfa3cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1301624.12b4: 00007ff6cfa3d000-00007ffd5b41ffff 0x0001/0x0000 0x0000000
1311624.12b4: *00007ffd5b420000-00007ffd5b420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1321624.12b4: 00007ffd5b421000-00007ffd5b527fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1331624.12b4: 00007ffd5b528000-00007ffd5b56bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1341624.12b4: 00007ffd5b56c000-00007ffd5b574fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1351624.12b4: 00007ffd5b575000-00007ffd5b582fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1361624.12b4: 00007ffd5b583000-00007ffd5b583fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1371624.12b4: 00007ffd5b584000-00007ffd5b586fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1381624.12b4: 00007ffd5b587000-00007ffd5b5f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1391624.12b4: 00007ffd5b5f1000-00007ffffffdffff 0x0001/0x0000 0x0000000
1401624.12b4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
1411624.12b4: VirtualBox.exe: timestamp 0x596d0abb (rc=VINF_SUCCESS)
1421624.12b4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1431624.12b4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1441624.12b4: supR3HardNtChildPurify: Done after 345 ms and 0 fixes (loop #0).
145dc0.13f0: Log file opened: 5.1.24r117012 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900
146dc0.13f0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd5b420000 g_uNtVerCombined=0xa0383900
147dc0.13f0: ntdll.dll: timestamp 0x594a1350 (rc=VINF_SUCCESS)
148dc0.13f0: New simple heap: #1 0000000000710000 LB 0x400000 (for 1904640 allocation)
1491624.12b4: supR3HardNtEnableThreadCreation:
150dc0.13f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
151dc0.13f0: System32: \Device\HarddiskVolume2\Windows\System32
152dc0.13f0: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
153dc0.13f0: KnownDllPath: C:\Windows\System32
154dc0.13f0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
155dc0.13f0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
156dc0.13f0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
157dc0.13f0: Registered Dll notification callback with NTDLL.
158dc0.13f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
159dc0.13f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
160dc0.13f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
161dc0.13f0: supR3HardenedDllNotificationCallback: load 00007ffd57a20000 LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
162dc0.13f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
163dc0.13f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
164dc0.13f0: supR3HardenedDllNotificationCallback: load 00007ffd5b370000 LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
165dc0.13f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
166dc0.13f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd5b370000 'C:\Windows\System32\KERNEL32.DLL'
167dc0.13f0: supR3HardenedDllNotificationCallback: load 00007ff6cf930000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
168dc0.13f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
169dc0.13f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
170dc0.13f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
171dc0.13f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd5b499fa0 pvNtTerminateThread=00007ffd5b4c6b30
1721624.12b4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 181 ms.
173dc0.13f0: \SystemRoot\System32\ntdll.dll:
174dc0.13f0: CreationTime: 2017-07-20T17:57:44.826378500Z
175dc0.13f0: LastWriteTime: 2017-06-21T07:52:00.368940000Z
176dc0.13f0: ChangeTime: 2017-07-21T00:11:50.652535800Z
177dc0.13f0: FileAttributes: 0x20
178dc0.13f0: Size: 0x1cc888
179dc0.13f0: NT Headers: 0xd8
180dc0.13f0: Timestamp: 0x594a1350
181dc0.13f0: Machine: 0x8664 - amd64
182dc0.13f0: Timestamp: 0x594a1350
183dc0.13f0: Image Version: 10.0
184dc0.13f0: SizeOfImage: 0x1d1000 (1904640)
185dc0.13f0: Resource Dir: 0x168000 LB 0x67988
186dc0.13f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
187dc0.13f0: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)]
188dc0.13f0: ProductName: Microsoft® Windows® Operating System
189dc0.13f0: ProductVersion: 10.0.14393.1378
190dc0.13f0: FileVersion: 10.0.14393.1378 (rs1_release.170620-2008)
191dc0.13f0: FileDescription: NT Layer DLL
192dc0.13f0: \SystemRoot\System32\kernel32.dll:
193dc0.13f0: CreationTime: 2017-07-20T17:56:36.357325700Z
194dc0.13f0: LastWriteTime: 2017-04-28T00:49:43.332433600Z
195dc0.13f0: ChangeTime: 2017-07-21T00:11:32.027450400Z
196dc0.13f0: FileAttributes: 0x20
197dc0.13f0: Size: 0xab208
198dc0.13f0: NT Headers: 0xf0
199dc0.13f0: Timestamp: 0x59028368
200dc0.13f0: Machine: 0x8664 - amd64
201dc0.13f0: Timestamp: 0x59028368
202dc0.13f0: Image Version: 10.0
203dc0.13f0: SizeOfImage: 0xac000 (704512)
204dc0.13f0: Resource Dir: 0xaa000 LB 0x530
205dc0.13f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
206dc0.13f0: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)]
207dc0.13f0: ProductName: Microsoft® Windows® Operating System
208dc0.13f0: ProductVersion: 10.0.14393.1198
209dc0.13f0: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
210dc0.13f0: FileDescription: Windows NT BASE API Client DLL
211dc0.13f0: \SystemRoot\System32\KernelBase.dll:
212dc0.13f0: CreationTime: 2017-07-20T17:58:43.248494600Z
213dc0.13f0: LastWriteTime: 2017-06-21T07:52:57.971613700Z
214dc0.13f0: ChangeTime: 2017-07-21T00:11:47.715048700Z
215dc0.13f0: FileAttributes: 0x20
216dc0.13f0: Size: 0x21c780
217dc0.13f0: NT Headers: 0xf8
218dc0.13f0: Timestamp: 0x594a146b
219dc0.13f0: Machine: 0x8664 - amd64
220dc0.13f0: Timestamp: 0x594a146b
221dc0.13f0: Image Version: 10.0
222dc0.13f0: SizeOfImage: 0x21d000 (2215936)
223dc0.13f0: Resource Dir: 0x201000 LB 0x550
224dc0.13f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
225dc0.13f0: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)]
226dc0.13f0: ProductName: Microsoft® Windows® Operating System
227dc0.13f0: ProductVersion: 10.0.14393.1378
228dc0.13f0: FileVersion: 10.0.14393.1378 (rs1_release.170620-2008)
229dc0.13f0: FileDescription: Windows NT BASE API Client DLL
230dc0.13f0: \SystemRoot\System32\apisetschema.dll:
231dc0.13f0: CreationTime: 2016-07-16T11:42:21.577586000Z
232dc0.13f0: LastWriteTime: 2016-07-16T11:42:21.577586000Z
233dc0.13f0: ChangeTime: 2017-07-20T16:00:33.466798000Z
234dc0.13f0: FileAttributes: 0x20
235dc0.13f0: Size: 0x18960
236dc0.13f0: NT Headers: 0xc8
237dc0.13f0: Timestamp: 0x57899bd2
238dc0.13f0: Machine: 0x8664 - amd64
239dc0.13f0: Timestamp: 0x57899bd2
240dc0.13f0: Image Version: 10.0
241dc0.13f0: SizeOfImage: 0x19000 (102400)
242dc0.13f0: Resource Dir: 0x18000 LB 0x400
243dc0.13f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
244dc0.13f0: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
245dc0.13f0: ProductName: Microsoft® Windows® Operating System
246dc0.13f0: ProductVersion: 10.0.14393.0
247dc0.13f0: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
248dc0.13f0: FileDescription: ApiSet Schema DLL
249dc0.13f0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
250dc0.13f0: supR3HardenedWinFindAdversaries: 0x0
251dc0.13f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
252dc0.13f0: Calling main()
253dc0.13f0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
254dc0.13f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
255dc0.13f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
256dc0.13f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
257dc0.13f0: SUPR3HardenedMain: Respawn #2
258dc0.13f0: supR3HardNtEnableThreadCreation:
259dc0.13f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd5b499fa0 pvNtTerminateThread=00007ffd5b4c6b30
260dc0.13f0: supR3HardenedWinDoReSpawn(2): New child 1a98.f60 [kernel32].
261dc0.13f0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
262dc0.13f0: supR3HardNtChildGatherData: PebBaseAddress=00000000009af000 cbPeb=0x388
263dc0.13f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd5b420000 uNtDllChildAddr=00007ffd5b420000
264dc0.13f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd5b499fa0
265dc0.13f0: supR3HardenedWinSetupChildInit: Start child.
266dc0.13f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
267dc0.13f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 16 sleeps
268dc0.13f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
269dc0.13f0: *0000000000000000-00000000006dffff 0x0001/0x0000 0x0000000
270dc0.13f0: *00000000006e0000-00000000006fffff 0x0004/0x0004 0x0020000
271dc0.13f0: *0000000000700000-0000000000715fff 0x0002/0x0002 0x0040000
272dc0.13f0: 0000000000716000-000000000071ffff 0x0001/0x0000 0x0000000
273dc0.13f0: *0000000000720000-0000000000723fff 0x0002/0x0002 0x0040000
274dc0.13f0: 0000000000724000-000000000072ffff 0x0001/0x0000 0x0000000
275dc0.13f0: *0000000000730000-0000000000731fff 0x0004/0x0004 0x0020000
276dc0.13f0: 0000000000732000-00000000007fffff 0x0001/0x0000 0x0000000
277dc0.13f0: *0000000000800000-00000000009aefff 0x0000/0x0004 0x0020000
278dc0.13f0: 00000000009af000-00000000009b1fff 0x0004/0x0004 0x0020000
279dc0.13f0: 00000000009b2000-00000000009fffff 0x0000/0x0004 0x0020000
280dc0.13f0: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
281dc0.13f0: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
282dc0.13f0: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
283dc0.13f0: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
284dc0.13f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
285dc0.13f0: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
286dc0.13f0: 000000007fff0000-00007ff6ceb0ffff 0x0001/0x0000 0x0000000
287dc0.13f0: *00007ff6ceb10000-00007ff6ceb32fff 0x0002/0x0002 0x0040000
288dc0.13f0: 00007ff6ceb33000-00007ff6cf92ffff 0x0001/0x0000 0x0000000
289dc0.13f0: *00007ff6cf930000-00007ff6cf930fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
290dc0.13f0: 00007ff6cf931000-00007ff6cf9a0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
291dc0.13f0: 00007ff6cf9a1000-00007ff6cf9a1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
292dc0.13f0: 00007ff6cf9a2000-00007ff6cf9e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
293dc0.13f0: 00007ff6cf9e8000-00007ff6cf9e8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
294dc0.13f0: 00007ff6cf9e9000-00007ff6cf9e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
295dc0.13f0: 00007ff6cf9ea000-00007ff6cf9eefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
296dc0.13f0: 00007ff6cf9ef000-00007ff6cf9effff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
297dc0.13f0: 00007ff6cf9f0000-00007ff6cf9f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
298dc0.13f0: 00007ff6cf9f1000-00007ff6cf9f4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
299dc0.13f0: 00007ff6cf9f5000-00007ff6cfa3cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
300dc0.13f0: 00007ff6cfa3d000-00007ffd5b41ffff 0x0001/0x0000 0x0000000
301dc0.13f0: *00007ffd5b420000-00007ffd5b420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
302dc0.13f0: 00007ffd5b421000-00007ffd5b527fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
303dc0.13f0: 00007ffd5b528000-00007ffd5b56bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
304dc0.13f0: 00007ffd5b56c000-00007ffd5b574fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
305dc0.13f0: 00007ffd5b575000-00007ffd5b582fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
306dc0.13f0: 00007ffd5b583000-00007ffd5b583fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
307dc0.13f0: 00007ffd5b584000-00007ffd5b586fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
308dc0.13f0: 00007ffd5b587000-00007ffd5b5f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
309dc0.13f0: 00007ffd5b5f1000-00007ffffffdffff 0x0001/0x0000 0x0000000
310dc0.13f0: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
311dc0.13f0: VirtualBox.exe: timestamp 0x596d0abb (rc=VINF_SUCCESS)
312dc0.13f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
313dc0.13f0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
314dc0.13f0: supR3HardNtChildPurify: Done after 344 ms and 0 fixes (loop #0).
315dc0.13f0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000710000 LB 0x400000)
3161a98.f60: Log file opened: 5.1.24r117012 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900
3171a98.f60: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd5b420000 g_uNtVerCombined=0xa0383900
318dc0.13f0: supR3HardNtEnableThreadCreation:
3191a98.f60: ntdll.dll: timestamp 0x594a1350 (rc=VINF_SUCCESS)
3201a98.f60: New simple heap: #1 0000000000c00000 LB 0x400000 (for 1904640 allocation)
3211a98.f60: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3221a98.f60: System32: \Device\HarddiskVolume2\Windows\System32
3231a98.f60: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
3241a98.f60: KnownDllPath: C:\Windows\System32
3251a98.f60: supR3HardenedVmProcessInit: Opening vboxdrv...
3261a98.f60: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3271a98.f60: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3281a98.f60: Registered Dll notification callback with NTDLL.
3291a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3301a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3311a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3321a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd57a20000 LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
3331a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3341a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3351a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd5b370000 LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
3361a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3371a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd5b370000 'C:\Windows\System32\KERNEL32.DLL'
3381a98.f60: supR3HardenedDllNotificationCallback: load 00007ff6cf930000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3391a98.f60: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3401a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3411a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3421a98.f60: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd5b499fa0 pvNtTerminateThread=00007ffd5b4c6b30
343dc0.13f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 203 ms.
3441a98.f60: \SystemRoot\System32\ntdll.dll:
3451a98.f60: CreationTime: 2017-07-20T17:57:44.826378500Z
3461a98.f60: LastWriteTime: 2017-06-21T07:52:00.368940000Z
3471a98.f60: ChangeTime: 2017-07-21T00:11:50.652535800Z
3481a98.f60: FileAttributes: 0x20
3491a98.f60: Size: 0x1cc888
3501a98.f60: NT Headers: 0xd8
3511a98.f60: Timestamp: 0x594a1350
3521a98.f60: Machine: 0x8664 - amd64
3531a98.f60: Timestamp: 0x594a1350
3541a98.f60: Image Version: 10.0
3551a98.f60: SizeOfImage: 0x1d1000 (1904640)
3561a98.f60: Resource Dir: 0x168000 LB 0x67988
3571a98.f60: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3581a98.f60: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)]
3591a98.f60: ProductName: Microsoft® Windows® Operating System
3601a98.f60: ProductVersion: 10.0.14393.1378
3611a98.f60: FileVersion: 10.0.14393.1378 (rs1_release.170620-2008)
3621a98.f60: FileDescription: NT Layer DLL
3631a98.f60: \SystemRoot\System32\kernel32.dll:
3641a98.f60: CreationTime: 2017-07-20T17:56:36.357325700Z
3651a98.f60: LastWriteTime: 2017-04-28T00:49:43.332433600Z
3661a98.f60: ChangeTime: 2017-07-21T00:11:32.027450400Z
3671a98.f60: FileAttributes: 0x20
3681a98.f60: Size: 0xab208
3691a98.f60: NT Headers: 0xf0
3701a98.f60: Timestamp: 0x59028368
3711a98.f60: Machine: 0x8664 - amd64
3721a98.f60: Timestamp: 0x59028368
3731a98.f60: Image Version: 10.0
3741a98.f60: SizeOfImage: 0xac000 (704512)
3751a98.f60: Resource Dir: 0xaa000 LB 0x530
3761a98.f60: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3771a98.f60: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)]
3781a98.f60: ProductName: Microsoft® Windows® Operating System
3791a98.f60: ProductVersion: 10.0.14393.1198
3801a98.f60: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
3811a98.f60: FileDescription: Windows NT BASE API Client DLL
3821a98.f60: \SystemRoot\System32\KernelBase.dll:
3831a98.f60: CreationTime: 2017-07-20T17:58:43.248494600Z
3841a98.f60: LastWriteTime: 2017-06-21T07:52:57.971613700Z
3851a98.f60: ChangeTime: 2017-07-21T00:11:47.715048700Z
3861a98.f60: FileAttributes: 0x20
3871a98.f60: Size: 0x21c780
3881a98.f60: NT Headers: 0xf8
3891a98.f60: Timestamp: 0x594a146b
3901a98.f60: Machine: 0x8664 - amd64
3911a98.f60: Timestamp: 0x594a146b
3921a98.f60: Image Version: 10.0
3931a98.f60: SizeOfImage: 0x21d000 (2215936)
3941a98.f60: Resource Dir: 0x201000 LB 0x550
3951a98.f60: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3961a98.f60: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)]
3971a98.f60: ProductName: Microsoft® Windows® Operating System
3981a98.f60: ProductVersion: 10.0.14393.1378
3991a98.f60: FileVersion: 10.0.14393.1378 (rs1_release.170620-2008)
4001a98.f60: FileDescription: Windows NT BASE API Client DLL
4011a98.f60: \SystemRoot\System32\apisetschema.dll:
4021a98.f60: CreationTime: 2016-07-16T11:42:21.577586000Z
4031a98.f60: LastWriteTime: 2016-07-16T11:42:21.577586000Z
4041a98.f60: ChangeTime: 2017-07-20T16:00:33.466798000Z
4051a98.f60: FileAttributes: 0x20
4061a98.f60: Size: 0x18960
4071a98.f60: NT Headers: 0xc8
4081a98.f60: Timestamp: 0x57899bd2
4091a98.f60: Machine: 0x8664 - amd64
4101a98.f60: Timestamp: 0x57899bd2
4111a98.f60: Image Version: 10.0
4121a98.f60: SizeOfImage: 0x19000 (102400)
4131a98.f60: Resource Dir: 0x18000 LB 0x400
4141a98.f60: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4151a98.f60: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
4161a98.f60: ProductName: Microsoft® Windows® Operating System
4171a98.f60: ProductVersion: 10.0.14393.0
4181a98.f60: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
4191a98.f60: FileDescription: ApiSet Schema DLL
4201a98.f60: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4211a98.f60: supR3HardenedWinFindAdversaries: 0x0
4221a98.f60: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4231a98.f60: Calling main()
4241a98.f60: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4251a98.f60: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4261a98.f60: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4271a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4281a98.f60: SUPR3HardenedMain: Final process, opening VBoxDrv...
4291a98.f60: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000)
4301a98.f60: supR3HardNtEnableThreadCreation:
4311a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4321a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4331a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4341a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4351a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd55d50000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4361a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4371a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4381a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4391a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55d50000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4401a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4411a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4421a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55d50000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4431a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55d50000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4441a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4451a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4461a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4471a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
4481a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
4491a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
4501a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4511a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4521a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4531a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4541a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4551a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4561a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
4571a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
4581a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
4591a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4601a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4611a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
4621a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
4631a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4641a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4651a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
4661a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
4671a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4681a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4691a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4701a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4711a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd59410000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
4721a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4731a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd57900000 LB 0x00010000 C:\Windows\System32\MSASN1.dll [fFlags=0x0]
4741a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4751a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd588b0000 LB 0x000f5000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
4761a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
4771a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
4781a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd57e50000 LB 0x001c9000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
4791a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4801a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd5b060000 LB 0x00121000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
4811a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4821a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd579c0000 LB 0x00055000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
4831a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4841a98.f60: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
4851a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4861a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57a20000 'api-ms-win-core-synch-l1-2-0'
4871a98.f60: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
4881a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4891a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57a20000 'api-ms-win-core-fibers-l1-1-1'
4901a98.f60: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
4911a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4921a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57a20000 'api-ms-win-core-fibers-l1-1-1'
4931a98.f60: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
4941a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4951a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57a20000 'api-ms-win-core-synch-l1-2-0'
4961a98.f60: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
4971a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4981a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57a20000 'api-ms-win-core-localization-l1-2-1'
4991a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\system32\Wintrust.dll'
5001a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
5011a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
5021a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5031a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5041a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd577d0000 LB 0x0002b000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
5051a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5061a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd577d0000 'C:\Windows\system32\bcrypt.dll'
5071a98.f60: bcrypt.dll loaded at 00007ffd577d0000, BCryptOpenAlgorithmProvider at 00007ffd577d4260, preloading providers:
5081a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
5091a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
5101a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5111a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd57c40000 LB 0x0006a000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
5121a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5131a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57c40000 'C:\Windows\system32\bcryptprimitives.dll'
5141a98.f60: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000010adf20)
5151a98.f60: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000010aed40)
5161a98.f60: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000010af010)
5171a98.f60: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000010afaf0)
5181a98.f60: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000010afdc0)
5191a98.f60: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000010b0090)
5201a98.f60: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000010b0360)
5211a98.f60: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000010b0630)
5221a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5231a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5241a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
5251a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5261a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5271a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
5281a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5291a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5301a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
5311a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5321a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5331a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
5341a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5351a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5361a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
5371a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5381a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5391a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
5401a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5411a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5421a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
5431a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
5441a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
5451a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd57360000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5461a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5471a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
5481a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
5491a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
5501a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5511a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5521a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5531a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5541a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5551a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd56dc0000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
5561a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5571a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
5581a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5591a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
5601a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
5611a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd57380000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5621a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5631a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5641a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5651a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5661a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5671a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5681a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd5b370000 'C:\Windows\System32\kernel32.dll'
5691a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5701a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
5711a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5721a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5731a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\CRYPT32.dll'
5741a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd593c0000 LB 0x0001c000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
5751a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
5761a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
5771a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5781a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5791a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
5801a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd59610000 LB 0x00059000 C:\Windows\System32\sechost.dll [fFlags=0x0]
5811a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
5821a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
5831a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
5841a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5851a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
5861a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
5871a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
5881a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd56780000 LB 0x00023000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
5891a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
5901a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd57890000 LB 0x00014000 C:\Windows\System32\profapi.dll [fFlags=0x0]
5911a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
5921a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
5931a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5941a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
5951a98.f60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
5961a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
5971a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5981a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5991a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6001a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6011a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6021a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6031a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6041a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6051a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6061a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6071a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6081a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6091a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6101a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6111a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6121a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6131a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6141a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd47c80000 LB 0x0002f000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
6151a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6161a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6171a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6181a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6191a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6201a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6211a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6221a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6231a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6241a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6251a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6261a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6271a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6281a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6291a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6301a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6311a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6321a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6331a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6341a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6351a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6361a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6371a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6381a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6391a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6401a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6411a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6421a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6431a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6441a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6451a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6461a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c80000 'C:\Windows\System32\cryptnet.dll'
6471a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd589b0000 LB 0x000a2000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
6481a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6491a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
6501a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
6511a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
6521a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
6531a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6541a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6551a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6561a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6571a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6581a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6591a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6601a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6611a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6621a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6631a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6641a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
6651a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6661a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6671a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
6681a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6691a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000010f96b0
6701a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
6711a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1FB8AC954EB98779AE2C41DFB6C49D4109C4CFD8
6721a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6731a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6741a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd5b060000 'C:\Windows\System32\rpcrt4.dll'
6751a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6761a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
6771a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6781a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
6791a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6801a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
6811a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6821a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
6831a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6841a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
6851a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6861a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
6871a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6881a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6891a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\System32\WINTRUST.DLL'
6901a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6911a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6921a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
6931a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6941a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6951a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
6961a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4209_for_KB4025339~31bf3856ad364e35~amd64~~10.0.1.15.cat'; file='\SystemRoot\System32\ntdll.dll'
6971a98.f60: g_pfnWinVerifyTrust=00007ffd579c7ff0
6981a98.f60: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6991a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7001a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7011a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7021a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7031a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7041a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7051a98.f60: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
7061a98.f60: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
7071a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7081a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7091a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7101a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7111a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7121a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7131a98.f60: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
7141a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7151a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7161a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7171a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7181a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
7191a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
7201a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
7211a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
7221a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2887B283709E29E7E5AD7830D0E43D33DF9C9C9B
7231a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7241a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7251a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7261a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
7271a98.f60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7281a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
7291a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7301a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7311a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7321a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
7331a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7341a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7351a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7361a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
7371a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7381a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7391a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7401a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
7411a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7421a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7431a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7441a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
7451a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7461a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7471a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7481a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
7491a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7501a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7511a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7521a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7531a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7541a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
7551a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
7561a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7571a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7581a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7591a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
7601a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7611a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7621a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
7631a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7641a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7651a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
7661a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7671a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7681a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
7691a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7701a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7711a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
7721a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7731a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7741a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
7751a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7761a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7771a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
7781a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7791a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
7801a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7811a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
7821a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7831a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7841a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
7851a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
7861a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
7871a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
7881a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\system32\crypt32.dll'
7891a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
7901a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
7911a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
7921a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
7931a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
7941a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
7951a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
7961a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
7971a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
7981a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
7991a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
8001a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
8011a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
8021a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
8031a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
8041a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
8051a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
8061a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
8071a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
8081a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8091a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8101a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
8111a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8121a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8131a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
8141a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8151a98.f60: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8161a98.f60: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=27
8171a98.f60: SUPR3HardenedMain: Load Runtime...
8181a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
8191a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8201a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8211a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
8221a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
8231a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8241a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8251a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8261a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8271a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8281a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8291a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8301a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
8311a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
8321a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8331a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
8341a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8351a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8361a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8371a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8381a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8391a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8401a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
8411a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8421a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
8431a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8441a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8451a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8461a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8471a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8481a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8491a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
8501a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
8511a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
8521a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
8531a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8541a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8551a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8561a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8571a98.f60: supR3HardenedDllNotificationCallback: load 0000000067db0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
8581a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8591a98.f60: supR3HardenedDllNotificationCallback: load 0000000067e90000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
8601a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8611a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd5b190000 LB 0x0006a000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
8621a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8631a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd38240000 LB 0x0053f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
8641a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8651a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8661a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
8671a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8681a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8691a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8701a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8711a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8721a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8731a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8741a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8751a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8761a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8771a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8781a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8791a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8801a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8811a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8821a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8831a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8841a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8851a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8861a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8871a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8881a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8891a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8901a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8911a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8921a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8931a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8941a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8951a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8961a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8971a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8981a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8991a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9001a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9011a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9021a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9031a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9041a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9051a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9061a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9071a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9081a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9091a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9101a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9111a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9121a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9131a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9141a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9151a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38240000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9161a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd579c0000 'C:\Windows\system32\Wintrust.dll'
9171a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
9181a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
9191a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9201a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9211a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
9221a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
9231a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\system32\crypt32.dll'
9241a98.f60: SUPR3HardenedMain: Load TrustedMain...
9251a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
9261a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9271a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9281a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
9291a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
9301a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
9311a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
9321a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
9331a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
9341a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
9351a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9361a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
9371a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
9381a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
9391a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
9401a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
9411a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
9421a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
9431a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9441a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9451a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
9461a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
9471a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
9481a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9491a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
9501a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
9511a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
9521a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
9531a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9541a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9551a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
9561a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
9571a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
9581a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
9591a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9601a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
9611a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
9621a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9631a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9641a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
9651a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
9661a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
9671a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9681a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
9691a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9701a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
9711a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
9721a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
9731a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
9741a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9751a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9761a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9771a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9781a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
9791a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
9801a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
9811a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
9821a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
9831a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'bcryptprimitives.dll'.
9841a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
9851a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
9861a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9871a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9881a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
9891a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
9901a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
9911a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
9921a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
9931a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
9941a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9951a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9961a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
9971a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
9981a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
9991a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
10001a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
10011a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'combase.dll'.
10021a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
10031a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
10041a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10051a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10061a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10071a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10081a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
10091a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10101a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10111a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
10121a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10131a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
10141a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
10151a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
10161a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10171a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10181a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
10191a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
10201a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
10211a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10221a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10231a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10241a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10251a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10261a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10271a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10281a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
10291a98.f60: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
10301a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
10311a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
10321a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
10331a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
10341a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10351a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'user32.dll'.
10361a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #68 'gdi32.dll'.
10371a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
10381a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
10391a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10401a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10411a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
10421a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10431a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10441a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
10451a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10461a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10471a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10481a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10491a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10501a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10511a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10521a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10531a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
10541a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
10551a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
10561a98.f60: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
10571a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
10581a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
10591a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
10601a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
10611a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
10621a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
10631a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
10641a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
10651a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
10661a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
10671a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
10681a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10691a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10701a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
10711a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
10721a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
10731a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
10741a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10751a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
10761a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
10771a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
10781a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
10791a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
10801a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
10811a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
10821a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
10831a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
10841a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
10851a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
10861a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
10871a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
10881a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
10891a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
10901a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
10911a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
10921a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
10931a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
10941a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
10951a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
10961a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
10971a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
10981a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
10991a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
11001a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11011a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
11021a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
11031a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
11041a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11051a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11061a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
11071a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
11081a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11091a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11101a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11111a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11121a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11131a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
11141a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11151a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11161a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
11171a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11181a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11191a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11201a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11211a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11221a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
11231a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11241a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11251a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11261a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11271a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11281a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11291a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11301a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11311a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11321a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11331a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11341a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
11351a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11361a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11371a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11381a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11391a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11401a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11411a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11421a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11431a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11441a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
11451a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
11461a98.f60: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
11471a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11481a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
11491a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
11501a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
11511a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
11521a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
11531a98.f60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
11541a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
11551a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11561a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11571a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
11581a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11591a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11601a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11611a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11621a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11631a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
11641a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
11651a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
11661a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
11671a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
11681a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
11691a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11701a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11711a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
11721a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11731a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11741a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
11751a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11761a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11771a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
11781a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11791a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11801a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
11811a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11821a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11831a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11841a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11851a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11861a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11871a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
11881a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
11891a98.f60: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
11901a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11911a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
11921a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
11931a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'.
11941a98.f60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
11951a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
11961a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
11971a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
11981a98.f60: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
11991a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12001a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
12011a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12021a98.f60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
12031a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
12041a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12051a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12061a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12071a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12081a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12091a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12101a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12111a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12121a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
12131a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12141a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12151a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
12161a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12171a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12181a98.f60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
12191a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12201a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12211a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
12221a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
12231a98.f60: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
12241a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12251a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
12261a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
12271a98.f60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
12281a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
12291a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12301a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12311a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12321a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12331a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12341a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
12351a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12361a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12371a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12381a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12391a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12401a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12411a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12421a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12431a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12441a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
12451a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12461a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12471a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
12481a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
12491a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
12501a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
12511a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
12521a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
12531a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
12541a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
12551a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12561a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12571a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
12581a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12591a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12601a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12611a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
12621a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
12631a98.f60: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
12641a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12651a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
12661a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'shlwapi.dll'.
12671a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
12681a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'comctl32.dll'.
12691a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'shell32.dll'.
12701a98.f60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
12711a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
12721a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
12731a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
12741a98.f60: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
12751a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12761a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
12771a98.f60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
12781a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
12791a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12801a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12811a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12821a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12831a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12841a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
12851a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12861a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12871a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
12881a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12891a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12901a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12911a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12921a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12931a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12941a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12951a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
12961a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12971a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12981a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12991a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13001a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
13011a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
13021a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
13031a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
13041a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
13051a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13061a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13071a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
13081a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
13091a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13101a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13111a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13121a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13131a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13141a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
13151a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13161a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
13171a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
13181a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
13191a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
13201a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13211a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13221a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13231a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13241a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13251a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13261a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13271a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13281a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13291a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13301a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13311a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13321a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13331a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13341a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13351a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13361a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13371a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13381a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13391a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
13401a98.f60: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
13411a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13421a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13431a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
13441a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
13451a98.f60: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
13461a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13471a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13481a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
13491a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
13501a98.f60: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
13511a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13521a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13531a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
13541a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
13551a98.f60: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
13561a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13571a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13581a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13591a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13601a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
13611a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13621a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13631a98.f60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
13641a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
13651a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
13661a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
13671a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3ABE9A0F560416C701B358C7A044A7ADA2496E52
13681a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
13691a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
13701a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
13711a98.f60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13721a98.f60: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
13731a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
13741a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
13751a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
13761a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13771a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13781a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
13791a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
13801a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13811a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
13821a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
13831a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
13841a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
13851a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
13861a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
13871a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13881a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13891a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll)
13901a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll
13911a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
13921a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
13931a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd57e30000 LB 0x0001e000 C:\Windows\System32\win32u.dll [fFlags=0x0]
13941a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
13951a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd59670000 LB 0x00165000 C:\Windows\System32\USER32.dll [fFlags=0x0]
13961a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd57cb0000 LB 0x00180000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
13971a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
13981a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
13991a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'win32u.dll'.
14001a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
14011a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
14021a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd59890000 LB 0x00034000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
14031a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
14041a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd55270000 LB 0x00008000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
14051a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14061a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd4a230000 LB 0x000f7000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
14071a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14081a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd4a330000 LB 0x0002d000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
14091a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14101a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd4a660000 LB 0x00123000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
14111a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14121a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd58020000 LB 0x00042000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
14131a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
14141a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
14151a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd58a60000 LB 0x002c8000 C:\Windows\System32\combase.dll [fFlags=0x0]
14161a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14171a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd578b0000 LB 0x0004c000 C:\Windows\System32\powrprof.dll [fFlags=0x0]
14181a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
14191a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
14201a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
14211a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd5aff0000 LB 0x00052000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
14221a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
14231a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd57910000 LB 0x0000f000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0]
14241a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
14251a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
14261a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
14271a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
14281a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd58070000 LB 0x000a9000 C:\Windows\System32\shcore.dll [fFlags=0x0]
14291a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14301a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
14311a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
14321a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
14331a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
14341a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd581d0000 LB 0x006da000 C:\Windows\System32\windows.storage.dll [fFlags=0x0]
14351a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14361a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
14371a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'combase.dll'.
14381a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
14391a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
14401a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
14411a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd59ad0000 LB 0x01508000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
14421a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14431a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd59930000 LB 0x00138000 C:\Windows\System32\ole32.dll [fFlags=0x0]
14441a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14451a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd4af70000 LB 0x0001b000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
14461a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
14471a98.f60: supR3HardenedDllNotificationCallback: load 0000000067840000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
14481a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14491a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd3ab20000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
14501a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14511a98.f60: supR3HardenedDllNotificationCallback: load 00000000672d0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
14521a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14531a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd48980000 LB 0x00086000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
14541a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14551a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd4a5b0000 LB 0x000ac000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\COMCTL32.dll [fFlags=0x0]
14561a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll [avoiding WinVerifyTrust]
14571a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd5b270000 LB 0x000fa000 C:\Windows\System32\COMDLG32.dll [fFlags=0x0]
14581a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
14591a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd4a790000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
14601a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
14611a98.f60: supR3HardenedDllNotificationCallback: load 0000000067270000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
14621a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14631a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd57920000 LB 0x0009c000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
14641a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
14651a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd59300000 LB 0x000bf000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
14661a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14671a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd552a0000 LB 0x0002b000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
14681a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14691a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd55c30000 LB 0x00023000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
14701a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
14711a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd355e0000 LB 0x008eb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
14721a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
14731a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
14741a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
14751a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
14761a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
14771a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
14781a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
14791a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
14801a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
14811a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
14821a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
14831a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
14841a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
14851a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll'.
14861a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll' [rescheduled]
14871a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
14881a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
14891a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
14901a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
14911a98.f60: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
14921a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
14931a98.f60: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
14941a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
14951a98.f60: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
14961a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rescheduled]
14971a98.f60: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
14981a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
14991a98.f60: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
15001a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rescheduled]
15011a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
15021a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
15031a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
15041a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
15051a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
15061a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
15071a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
15081a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
15091a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15101a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
15111a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
15121a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
15131a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15141a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
15151a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
15161a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
15171a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
15181a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15191a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15201a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
15211a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
15221a98.f60: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
15231a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15241a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15251a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
15261a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
15271a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
15281a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15291a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15301a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15311a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15321a98.f60: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15331a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15341a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15351a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15361a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15371a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15381a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15391a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15401a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15411a98.f60: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15421a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15431a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15441a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15451a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15461a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
15471a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15481a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15491a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15501a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15511a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15521a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15531a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15541a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15551a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
15561a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
15571a98.f60: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
15581a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15591a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15601a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
15611a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15621a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15631a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
15641a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
15651a98.f60: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
15661a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15671a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15681a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15691a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15701a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
15711a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
15721a98.f60: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
15731a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15741a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15751a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15761a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15771a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd593e0000 LB 0x0002e000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
15781a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
15791a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd593e0000 'C:\Windows\system32\IMM32.DLL'
15801a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15811a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
15821a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
15831a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15841a98.f60: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
15851a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15861a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd593e0000 'C:\Windows\System32\imm32.dll'
15871a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
15881a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15891a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd5b370000 'C:\Windows\System32\kernel32.dll'
15901a98.f60: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
15911a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15921a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57a20000 'api-ms-win-core-string-l1-1-0'
15931a98.f60: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
15941a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15951a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57a20000 'api-ms-win-core-datetime-l1-1-1'
15961a98.f60: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
15971a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15981a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57a20000 'api-ms-win-core-localization-obsolete-l1-2-0'
15991a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16001a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16011a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd589b0000 'C:\Windows\System32\ADVAPI32.DLL'
16021a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd355e0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
16031a98.f60: SUPR3HardenedMain: Calling TrustedMain (00007ffd355e1610)...
16041a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
16051a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
16061a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
16071a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
16081a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
16091a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
16101a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
16111a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
16121a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
16131a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
16141a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
16151a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
16161a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
16171a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16181a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16191a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16201a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16211a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16221a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16231a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16241a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16251a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16261a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16271a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16281a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16291a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16301a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16311a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16321a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16331a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16341a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16351a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16361a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16371a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16381a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
16391a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
16401a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
16411a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
16421a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
16431a98.f60: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
16441a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16451a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16461a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16471a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16481a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16491a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16501a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16511a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16521a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
16531a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
16541a98.f60: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
16551a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16561a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16571a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd49f10000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
16581a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16591a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd49f10000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
16601a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000062c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16611a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
16621a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
16631a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5062D9B170D174E6DFFCD301D2C820A76C92F7CA
16641a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
16651a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
16661a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
16671a98.f60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16681a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16691a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
16701a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
16711a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
16721a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16731a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16741a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16751a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16761a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16771a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16781a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16791a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16801a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16811a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16821a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd56090000 LB 0x00095000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
16831a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16841a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56090000 'C:\Windows\system32\uxtheme.dll'
16851a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\system32\user32.dll'
16861a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16871a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16881a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59ad0000 'C:\Windows\system32\shell32.dll'
16891a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
16901a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
16911a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
16921a98.f60: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
16931a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16941a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd58070000 'C:\Windows\system32\SHCore.dll'
16951a98.f60: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
16961a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
16971a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16981a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'win32u.dll'.
16991a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
17001a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
17011a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
17021a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17031a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd554d0000 LB 0x00026000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
17041a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
17051a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17061a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17071a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17081a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17091a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17101a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17111a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
17121a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17131a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17141a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
17151a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
17161a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17171a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17181a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17191a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55c30000 'C:\Windows\system32\winmm.dll'
17201a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17211a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17221a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55c30000 'C:\Windows\system32\winmm.dll'
17231a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17241a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17251a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59ad0000 'C:\Windows\system32\shell32.dll'
17261a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17271a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17281a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56090000 'C:\Windows\system32\uxtheme.dll'
17291a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17301a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17311a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd589b0000 'C:\Windows\system32\advapi32.dll'
17321a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
17331a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
17341a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
17351a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'profapi.dll'.
17361a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
17371a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
17381a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
17391a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
17401a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
17411a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17421a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17431a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17441a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
17451a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd57040000 LB 0x0001f000 C:\Windows\system32\userenv.dll [fFlags=0x0]
17461a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
17471a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57040000 'C:\Windows\system32\userenv.dll'
17481a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
17491a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17501a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd5b370000 'C:\Windows\System32\kernel32.dll'
17511a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd597e0000 LB 0x0009f000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
17521a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17531a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
17541a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
17551a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
17561a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17571a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17581a98.12d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
17591a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17601a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17611a98.12d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
17621a98.12d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
17631a98.12d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
17641a98.12d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
17651a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17661a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
17671a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
17681a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
17691a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
17701a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
17711a98.12d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
17721a98.12d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17731a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17741a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17751a98.12d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17761a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17771a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17781a98.12d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17791a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17801a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17811a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17821a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17831a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17841a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17851a98.12d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17861a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17871a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17881a98.12d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
17891a98.12d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17901a98.12d4: supR3HardenedDllNotificationCallback: load 00007ffd35ed0000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
17911a98.12d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17921a98.12d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd35ed0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
17931a98.12d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
17941a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17951a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17961a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17971a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
17981a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
17991a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
18001a98.12d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
18011a98.12d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
18021a98.12d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18031a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18041a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18051a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18061a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18071a98.12d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18081a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18091a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18101a98.12d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18111a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
18121a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
18131a98.12d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
18141a98.12d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
18151a98.12d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
18161a98.12d4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
18171a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18181a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18191a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18201a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18211a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18221a98.12d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18231a98.12d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18241a98.12d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18251a98.12d4: supR3HardenedDllNotificationCallback: load 00007ffd44460000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
18261a98.12d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18271a98.12d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44460000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
18281a98.12d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18291a98.12d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18301a98.12d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59300000 'C:\Windows\System32\oleaut32.dll'
18311a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\system32\gdi32.dll'
18321a98.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
18331a98.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
18341a98.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
18351a98.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18361a98.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
18371a98.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
18381a98.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
18391a98.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18401a98.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18411a98.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18421a98.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18431a98.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18441a98.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
18451a98.bc4: supR3HardenedDllNotificationCallback: load 00007ffd548e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
18461a98.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
18471a98.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd548e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
18481a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18491a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18501a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59ad0000 'C:\Windows\system32\shell32.dll'
18511a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd594b0000 LB 0x0015a000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
18521a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18531a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
18541a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
18551a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
18561a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'imm32.dll'.
18571a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
18581a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
18591a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18601a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18611a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18621a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18631a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18641a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18651a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18661a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18671a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18681a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18691a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18701a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18711a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
18721a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
18731a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
18741a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009b0 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
18751a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
18761a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
18771a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F41B1C1088B7141EC40BC3A829C8A08D763971F
18781a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
18791a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
18801a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1611_for_KB4025339~31bf3856ad364e35~amd64~~10.0.1.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
18811a98.f60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18821a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18831a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
18841a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
18851a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
18861a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
18871a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
18881a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
18891a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
18901a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
18911a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
18921a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
18931a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
18941a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
18951a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
18961a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
18971a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
18981a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
18991a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19001a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19011a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19021a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19031a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19041a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
19051a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
19061a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19071a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
19081a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'win32u.dll'.
19091a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
19101a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19111a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19121a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19131a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
19141a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
19151a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19161a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19171a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19181a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
19191a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19201a98.f60: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
19211a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19221a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
19231a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
19241a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
19251a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19261a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19271a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19281a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19291a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19301a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19311a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19321a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19331a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
19341a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
19351a98.f60: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
19361a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
19371a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
19381a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
19391a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19401a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19411a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19421a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19431a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19441a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
19451a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19461a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd56810000 LB 0x0009f000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
19471a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19481a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd54370000 LB 0x002b6000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
19491a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19501a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd55860000 LB 0x00151000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
19511a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
19521a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd42590000 LB 0x00049000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
19531a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19541a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd42590000 'C:\Windows\system32\dataexchange.dll'
19551a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
19561a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
19571a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
19581a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19591a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
19601a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
19611a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
19621a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
19631a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
19641a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd563c0000 LB 0x0011c000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
19651a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
19661a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19671a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19681a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
19691a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
19701a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
19711a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
19721a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19731a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19741a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19751a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19761a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
19771a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
19781a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
19791a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
19801a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19811a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd594b0000 'C:\Windows\System32\MSCTF.dll'
19821a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19831a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19841a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59930000 'C:\Windows\System32\ole32.dll'
19851a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19861a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19871a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59300000 'C:\Windows\System32\OLEAUT32.dll'
19881a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009fc pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
19891a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
19901a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
19911a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A290917802D4CF47EA48D3329EF360233350A583
19921a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
19931a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
19941a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
19951a98.f60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19961a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19971a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
19981a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
19991a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
20001a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20011a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20021a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
20031a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a24 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20041a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
20051a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
20061a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9C43FEE2E561B2B0F306322C4D857AFC8E83D17B
20071a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
20081a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
20091a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
20101a98.f60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20111a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20121a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
20131a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
20141a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
20151a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20161a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20171a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20181a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20191a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20201a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20211a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20221a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20231a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20241a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
20251a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
20261a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
20271a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20281a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20291a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20301a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20311a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20321a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd4df90000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
20331a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20341a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd4b590000 LB 0x00010000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
20351a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20361a98.f60: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
20371a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20381a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57a20000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
20391a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4b590000 'C:\Windows\system32\wbem\wbemprox.dll'
20401a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a70 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20411a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
20421a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
20431a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD02F2EC1572091695F4D052CCF68BAA380A2D88
20441a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
20451a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
20461a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
20471a98.f60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20481a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20491a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
20501a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
20511a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20521a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20531a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20541a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20551a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20561a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20571a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20581a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd4b0a0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
20591a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20601a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4b0a0000 'C:\Windows\system32\wbem\wbemsvc.dll'
20611a98.f60: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
20621a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20631a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57a20000 'api-ms-win-core-localization-l1-2-0.dll'
20641a98.f60: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
20651a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20661a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57a20000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
20671a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a40 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20681a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
20691a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
20701a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=37158B4AFADBDB40075A00539346B570E4EDE30C
20711a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
20721a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
20731a98.f60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
20741a98.f60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20751a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20761a98.f60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20771a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
20781a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20791a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20801a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
20811a98.f60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20821a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20831a98.f60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20841a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20851a98.f60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20861a98.f60: supR3HardenedDllNotificationCallback: load 00007ffd4b140000 LB 0x000f4000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
20871a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20881a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4b140000 'C:\Windows\system32\wbem\fastprox.dll'
20891a98.10b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
20901a98.10b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20911a98.10b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
20921a98.10b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20931a98.10b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
20941a98.10b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20951a98.10b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20961a98.10b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20971a98.10b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
20981a98.10b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
20991a98.10b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
21001a98.10b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
21011a98.10b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21021a98.10b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
21031a98.10b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
21041a98.10b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21051a98.10b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21061a98.10b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21071a98.10b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21081a98.10b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21091a98.10b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
21101a98.10b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
21111a98.10b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21121a98.10b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21131a98.10b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21141a98.10b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21151a98.10b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21161a98.10b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21171a98.10b8: supR3HardenedDllNotificationCallback: load 0000000067160000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
21181a98.10b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21191a98.10b8: supR3HardenedDllNotificationCallback: load 00007ffd453d0000 LB 0x002be000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
21201a98.10b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21211a98.10b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd453d0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
21221a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
21231a98.e74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
21241a98.e74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21251a98.e74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21261a98.e74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21271a98.e74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
21281a98.e74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
21291a98.e74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
21301a98.e74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21311a98.e74: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21321a98.e74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21331a98.e74: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21341a98.e74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
21351a98.e74: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
21361a98.e74: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21371a98.e74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21381a98.e74: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21391a98.e74: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21401a98.e74: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
21411a98.e74: supR3HardenedDllNotificationCallback: load 00007ffd50f50000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
21421a98.e74: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
21431a98.e74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50f50000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
21441a98.e74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\system32\User32.dll'
21451a98.12dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
21461a98.12dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21471a98.12dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
21481a98.12dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21491a98.12dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
21501a98.12dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
21511a98.12dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21521a98.12dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21531a98.12dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21541a98.12dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21551a98.12dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
21561a98.12dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21571a98.12dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21581a98.12dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21591a98.12dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
21601a98.12dc: supR3HardenedDllNotificationCallback: load 00007ffd504a0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
21611a98.12dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
21621a98.12dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd504a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
21631a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
21641a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21651a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
21661a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21671a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
21681a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
21691a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
21701a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
21711a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
21721a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
21731a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
21741a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21751a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21761a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21771a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21781a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21791a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21801a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21811a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21821a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
21831a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
21841a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
21851a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21861a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
21871a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21881a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
21891a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
21901a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
21911a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
21921a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
21931a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
21941a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
21951a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21961a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21971a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21981a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
21991a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
22001a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22011a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22021a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22031a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22041a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22051a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22061a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22071a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22081a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
22091a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
22101a98.1bac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'.
22111a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22121a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22131a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
22141a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
22151a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)
22161a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
22171a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22181a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22191a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
22201a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22211a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22221a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22231a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22241a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22251a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
22261a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22271a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22281a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22291a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22301a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
22311a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22321a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22331a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
22341a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
22351a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
22361a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22371a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22381a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22391a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22401a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22411a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22421a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22431a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
22441a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22451a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22461a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22471a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22481a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22491a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
22501a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
22511a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
22521a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd4a1b0000 LB 0x0002f000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
22531a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
22541a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd4a180000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
22551a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
22561a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd49c30000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
22571a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
22581a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd49c30000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
22591a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
22601a98.1bac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'
22611a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
22621a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22631a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a180000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
22641a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
22651a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22661a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
22671a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
22681a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
22691a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
22701a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
22711a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
22721a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22731a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22741a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22751a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
22761a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd4f7a0000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
22771a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
22781a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f7a0000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
22791a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
22801a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22811a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a660000 'C:\Windows\system32/opengl32.dll'
22821a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
22831a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22841a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a660000 'C:\Windows\System32\OPENGL32.dll'
22851a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
22861a98.1bac: \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll: Owner is administrators group.
22871a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bfc pwszName=\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
22881a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
22891a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
22901a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC84F47DF63D03C3B945B5AB0ABFAE70236676B9
22911a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
22921a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
22931a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem5.cat'; file='\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll'
22941a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22951a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
22961a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
22971a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
22981a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
22991a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll) WinVerifyTrust
23001a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
23011a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23021a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23031a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23041a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23051a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
23061a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23071a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23081a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23091a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23101a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\atig6pxx.dll (Input=atig6pxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23111a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
23121a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd50470000 LB 0x00009000 C:\Windows\System32\atig6pxx.dll [fFlags=0x0]
23131a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
23141a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50470000 'C:\Windows\System32\atig6pxx.dll'
23151a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
23161a98.1bac: \Device\HarddiskVolume2\Windows\System32\atio6axx.dll: Owner is administrators group.
23171a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a84 pwszName=\Device\HarddiskVolume2\Windows\System32\atio6axx.dll
23181a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
23191a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
23201a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=459A8E0B22A429AE7726E98009F14885C7520910
23211a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
23221a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
23231a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem5.cat'; file='\Device\HarddiskVolume2\Windows\System32\atio6axx.dll'
23241a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23251a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
23261a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
23271a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
23281a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23291a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
23301a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atio6axx.dll) WinVerifyTrust
23311a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
23321a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23331a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23341a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
23351a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
23361a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23371a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
23381a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
23391a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
23401a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23411a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23421a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23431a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
23441a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
23451a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
23461a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
23471a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
23481a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23491a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23501a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23511a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23521a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
23531a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
23541a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23551a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
23561a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
23571a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23581a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23591a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23601a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23611a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23621a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23631a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\atio6axx.dll (Input=atio6axx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23641a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
23651a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
23661a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd53ff0000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0]
23671a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
23681a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd58ed0000 LB 0x00429000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0]
23691a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23701a98.1bac: supR3HardenedDllNotificationCallback: load 0000000069030000 LB 0x01958000 C:\Windows\System32\atio6axx.dll [fFlags=0x0]
23711a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
23721a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
23731a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23741a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd554d0000 'C:\Windows\System32\dwmapi.dll'
23751a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000069030000 'C:\Windows\System32\atio6axx.dll'
23761a98.1bac: \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll: Owner is administrators group.
23771a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb4 pwszName=\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
23781a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
23791a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
23801a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66FD675DDCB381199A0D3C9D49FDB58D5CC2AA29
23811a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
23821a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
23831a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem5.cat'; file='\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll'
23841a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23851a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
23861a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
23871a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
23881a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
23891a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
23901a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
23911a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'.
23921a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'wtsapi32.dll'.
23931a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'setupapi.dll'.
23941a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'psapi.dll'.
23951a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'wsock32.dll'.
23961a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll) WinVerifyTrust
23971a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
23981a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wsock32.dll'...
23991a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'wsock32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wsock32.dll' [rcNtRedir=0xc0150008]
24001a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b9c pwszName=\Device\HarddiskVolume2\Windows\System32\wsock32.dll
24011a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
24021a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
24031a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5BA4433881772E3F26D0D7F07E5ED58633AD4803
24041a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
24051a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
24061a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OneCore-WinSock-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wsock32.dll'
24071a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24081a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24091a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
24101a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wsock32.dll) WinVerifyTrust
24111a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wsock32.dll
24121a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
24131a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
24141a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24151a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24161a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24171a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24181a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24191a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
24201a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
24211a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
24221a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
24231a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24241a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24251a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24261a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
24271a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
24281a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
24291a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
24301a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24311a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust
24321a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
24331a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
24341a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
24351a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
24361a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24371a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24381a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24391a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24401a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24411a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24421a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
24431a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
24441a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24451a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24461a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24471a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24481a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24491a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24501a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\atiadlxx.dll (Input=atiadlxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24511a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
24521a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
24531a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wsock32.dll
24541a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd55520000 LB 0x00013000 C:\Windows\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
24551a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
24561a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd5afe0000 LB 0x00008000 C:\Windows\System32\PSAPI.DLL [fFlags=0x0]
24571a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
24581a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd4fb90000 LB 0x00009000 C:\Windows\SYSTEM32\WSOCK32.dll [fFlags=0x0]
24591a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wsock32.dll
24601a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd4f9f0000 LB 0x00090000 C:\Windows\System32\atiadlxx.dll [fFlags=0x0]
24611a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
24621a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f9f0000 'C:\Windows\System32\atiadlxx.dll'
24631a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'.
24641a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
24651a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
24661a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd562d0000 LB 0x00028000 C:\Windows\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
24671a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
24681a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
24691a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
24701a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
24711a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
24721a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
24731a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24741a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
24751a98.1bac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
24761a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
24771a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
24781a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
24791a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
24801a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
24811a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\USER32.DLL (Input=USER32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24821a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
24831a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
24841a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
24851a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
24861a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
24871a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
24881a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
24891a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
24901a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
24911a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
24921a98.1bac: \Device\HarddiskVolume2\Windows\System32\atig6txx.dll: Owner is administrators group.
24931a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b98 pwszName=\Device\HarddiskVolume2\Windows\System32\atig6txx.dll
24941a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
24951a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
24961a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0FF46A0826845008485DEB49D695D88E99CF83F
24971a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
24981a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
24991a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem5.cat'; file='\Device\HarddiskVolume2\Windows\System32\atig6txx.dll'
25001a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25011a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
25021a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
25031a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
25041a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'version.dll'.
25051a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atig6txx.dll) WinVerifyTrust
25061a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
25071a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
25081a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
25091a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
25101a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25111a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25121a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25131a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25141a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25151a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25161a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\atig6txx.dll (Input=atig6txx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25171a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
25181a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd4fea0000 LB 0x0000e000 C:\Windows\System32\atig6txx.dll [fFlags=0x0]
25191a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
25201a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fea0000 'C:\Windows\System32\atig6txx.dll'
25211a98.1bac: \Device\HarddiskVolume2\Windows\System32\aticfx64.dll: Owner is administrators group.
25221a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
25231a98.1bac: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume2\Windows\System32\aticfx64.dll'
25241a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c2c pwszName=\Device\HarddiskVolume2\Windows\System32\aticfx64.dll
25251a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
25261a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
25271a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=76C83B56DB71A8BC6A39A2647C50EA21950E5A20
25281a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
25291a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
25301a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem5.cat'; file='\Device\HarddiskVolume2\Windows\System32\aticfx64.dll'
25311a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
25321a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
25331a98.1bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
25341a98.1bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\aticfx64.dll) WinVerifyTrust
25351a98.1bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\aticfx64.dll
25361a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25371a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25381a98.1bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
25391a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25401a98.1bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25411a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\aticfx64.dll (Input=aticfx64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25421a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\aticfx64.dll
25431a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd54110000 LB 0x0010e000 C:\Windows\System32\aticfx64.dll [fFlags=0x0]
25441a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\aticfx64.dll
25451a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54110000 'C:\Windows\System32\aticfx64.dll'
25461a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
25471a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25481a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25491a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
25501a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25511a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
25521a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25531a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25541a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
25551a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
25561a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25571a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25581a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
25591a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25601a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25611a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
25621a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
25631a98.1bac: supR3HardenedDllNotificationCallback: Unload 00007ffd4fea0000 LB 0x0000e000 C:\Windows\System32\atig6txx.dll [flags=0x0]
25641a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
25651a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\atig6txx.dll (Input=atig6txx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25661a98.1bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
25671a98.1bac: supR3HardenedDllNotificationCallback: load 00007ffd4fea0000 LB 0x0000e000 C:\Windows\System32\atig6txx.dll [fFlags=0x0]
25681a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
25691a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fea0000 'C:\Windows\System32\atig6txx.dll'
25701a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\aticfx64.dll
25711a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\aticfx64.dll (Input=aticfx64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25721a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd54110000 'C:\Windows\System32\aticfx64.dll'
25731a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25741a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25751a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25761a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25771a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
25781a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
25791a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25801a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25811a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25821a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59670000 'C:\Windows\System32\USER32.DLL'
25831a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
25841a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59890000 'C:\Windows\System32\gdi32.dll'
25851a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
25861a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OPENGL32.DLL (Input=OPENGL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25871a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a660000 'C:\Windows\System32\OPENGL32.DLL'
25881a98.1bac: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\System32\perf.dll': 0 (NtPath=\??\C:\Windows\System32\perf.dll; Input=perf.dll; rcNtGetDll=0xc0000135
25891a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\System32\perf.dll'
25901a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
25911a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25921a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a660000 'C:\Windows\System32\OPENGL32.dll'
25931a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a660000 'C:\Windows\System32\OPENGL32.dll'
25941a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a660000 'C:\Windows\System32\OPENGL32.dll'
25951a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a660000 'C:\Windows\System32\OPENGL32.dll'
25961a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a660000 'C:\Windows\System32\OPENGL32.dll'
25971a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a660000 'C:\Windows\System32\OPENGL32.dll'
25981a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a660000 'C:\Windows\System32\OPENGL32.dll'
25991a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a660000 'C:\Windows\System32\OPENGL32.dll'
26001a98.1344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
26011a98.1344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26021a98.1344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26031a98.1344: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26041a98.1344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
26051a98.1344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26061a98.1344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26071a98.1344: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26081a98.1344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26091a98.1344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26101a98.1344: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26111a98.1344: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26121a98.1344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26131a98.1344: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26141a98.1344: supR3HardenedDllNotificationCallback: load 00007ffd4fc00000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
26151a98.1344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26161a98.1344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fc00000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
26171a98.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
26181a98.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26191a98.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26201a98.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26211a98.818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
26221a98.818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26231a98.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26241a98.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26251a98.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26261a98.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26271a98.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26281a98.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26291a98.818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26301a98.818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26311a98.818: supR3HardenedDllNotificationCallback: load 00007ffd4fab0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
26321a98.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26331a98.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fab0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
26341a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd59ad0000 'C:\Windows\system32\Shell32.dll'
26351a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26361a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26371a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd453d0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
26381a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
26391a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26401a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26411a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26421a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
26431a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
26441a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
26451a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26461a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26471a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26481a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26491a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26501a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26511a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26521a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26531a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26541a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26551a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26561a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26571a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26581a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd48df0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
26591a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26601a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd48df0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
26611a98.ab0: supR3HardenedDllNotificationCallback: Unload 00007ffd48df0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
26621a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
26631a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
26641a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26651a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26661a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26671a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
26681a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
26691a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
26701a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
26711a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
26721a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
26731a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
26741a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
26751a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
26761a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
26771a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
26781a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
26791a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
26801a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
26811a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26821a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26831a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26841a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26851a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26861a98.ab0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
26871a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
26881a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
26891a98.ab0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
26901a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26911a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26921a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
26931a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
26941a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
26951a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26961a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26971a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
26981a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
26991a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
27001a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
27011a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27021a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27031a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27041a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27051a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
27061a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27071a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27081a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
27091a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
27101a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
27111a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
27121a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27131a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27141a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27151a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27161a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27171a98.ab0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27181a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27191a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27201a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27211a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27221a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27231a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27241a98.ab0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27251a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27261a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27271a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27281a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27291a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27301a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27311a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27321a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
27331a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27341a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27351a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27361a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd46330000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
27371a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27381a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd48de0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
27391a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27401a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd56f40000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
27411a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27421a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd34c20000 LB 0x009b1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
27431a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
27441a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd34c20000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
27451a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
27461a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27471a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27481a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27491a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd48d90000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
27501a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27511a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd48d90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
27521a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
27531a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
27541a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27551a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd35ed0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
27561a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
27571a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27581a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27591a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd48de0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
27601a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
27611a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
27621a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27631a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27641a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
27651a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
27661a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27671a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27681a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27691a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27701a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27711a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
27721a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd4a900000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
27731a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
27741a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a900000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
27751a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
27761a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
27771a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27781a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27791a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
27801a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
27811a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27821a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27831a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27841a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27851a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27861a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
27871a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd49c10000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
27881a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
27891a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd49c10000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
27901a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
27911a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
27921a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27931a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27941a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
27951a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
27961a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27971a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27981a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27991a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28001a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28011a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28021a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd49bf0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
28031a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28041a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd49bf0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
28051a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
28061a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
28071a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28081a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28091a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
28101a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
28111a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28121a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28131a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28141a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28151a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28161a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
28171a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd492c0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
28181a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
28191a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd492c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
28201a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
28211a98.12b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
28221a98.12b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28231a98.12b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28241a98.12b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28251a98.12b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
28261a98.12b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28271a98.12b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28281a98.12b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28291a98.12b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28301a98.12b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28311a98.12b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28321a98.12b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28331a98.12b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28341a98.12b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28351a98.12b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28361a98.12b0: supR3HardenedDllNotificationCallback: load 00007ffd4f950000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
28371a98.12b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28381a98.12b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f950000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
28391a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
28401a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
28411a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28421a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28431a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28441a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
28451a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
28461a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
28471a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
28481a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28491a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28501a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28511a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28521a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28531a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28541a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28551a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28561a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28571a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28581a98.ab0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
28591a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28601a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
28611a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd3c4b0000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
28621a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
28631a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c4b0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
28641a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28651a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28661a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56f40000 'C:\Windows\system32\Iphlpapi.dll'
28671a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
28681a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
28691a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
28701a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
28711a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd5b050000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0]
28721a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
28731a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
28741a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd535b0000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
28751a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
28761a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
28771a98.ab0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
28781a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
28791a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd50220000 LB 0x00016000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
28801a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
28811a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
28821a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
28831a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
28841a98.ab0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
28851a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
28861a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd50a60000 LB 0x0001a000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
28871a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
28881a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ee0 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
28891a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
28901a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
28911a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D280CDF967AD5FF8409BEF96F4C54C1E47D620AC
28921a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
28931a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
28941a98.ab0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
28951a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28961a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28971a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28981a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28991a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29001a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29011a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
29021a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
29031a98.ab0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
29041a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29051a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29061a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
29071a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
29081a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1836_for_KB4025339~31bf3856ad364e35~amd64~~10.0.1.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
29091a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29101a98.ab0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
29111a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed4 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
29121a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
29131a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
29141a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2D1E4C0F8001689DAD3880BC6AABF203D6F2118
29151a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
29161a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
29171a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1836_for_KB4025339~31bf3856ad364e35~amd64~~10.0.1.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
29181a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29191a98.ab0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
29201a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
29211a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
29221a98.ab0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
29231a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
29241a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
29251a98.ab0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
29261a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f94 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
29271a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
29281a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
29291a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1D44ABC92F5DCFB6E0C03CA5B293AF8332666805
29301a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
29311a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
29321a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-multimedia-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
29331a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29341a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29351a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'winmm.dll'.
29361a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
29371a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
29381a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29391a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29401a98.ab0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29411a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29421a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29431a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29441a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29451a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd44e50000 LB 0x0009b000 C:\Windows\System32\dsound.dll [fFlags=0x0]
29461a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29471a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29481a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29491a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e50000 'C:\Windows\System32\dsound.dll'
29501a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e50000 'C:\Windows\System32\dsound.dll'
29511a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29521a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29531a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e50000 'C:\Windows\system32\dsound.dll'
29541a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
29551a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
29561a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29571a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
29581a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'.
29591a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
29601a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
29611a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29621a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
29631a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
29641a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
29651a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
29661a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29671a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
29681a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
29691a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
29701a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
29711a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
29721a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
29731a98.ab0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
29741a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29751a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29761a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29771a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29781a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29791a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29801a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29811a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29821a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29831a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29841a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29851a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29861a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
29871a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd550b0000 LB 0x00185000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
29881a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
29891a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd542e0000 LB 0x00071000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
29901a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29911a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd542e0000 'C:\Windows\System32\MMDevApi.dll'
29921a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29931a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29941a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55c30000 'C:\Windows\System32\winmm.dll'
29951a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fd4 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
29961a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
29971a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
29981a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0F8D22D5C750466D80CDF20856C3802D0D00236D
29991a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
30001a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
30011a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
30021a98.ab0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30031a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30041a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'ksuser.dll'.
30051a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'avrt.dll'.
30061a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'mmdevapi.dll'.
30071a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
30081a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30091a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
30101a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
30111a98.ab0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30121a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
30131a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
30141a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
30151a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
30161a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
30171a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
30181a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
30191a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
30201a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
30211a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
30221a98.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30231a98.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
30241a98.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30251a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30261a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30271a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30281a98.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30291a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30301a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30311a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30321a98.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
30331a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd52cd0000 LB 0x00009000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
30341a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
30351a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd54360000 LB 0x0000b000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
30361a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
30371a98.ab0: supR3HardenedDllNotificationCallback: load 00007ffd52d50000 LB 0x0003f000 C:\Windows\System32\wdmaud.drv [fFlags=0x0]
30381a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30391a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd52d50000 'C:\Windows\System32\wdmaud.drv'
30401a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30411a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30421a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd52d50000 'C:\Windows\System32\wdmaud.drv'
30431a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30441a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30451a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd542e0000 'C:\Windows\System32\MMDEVAPI.DLL'
30461a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30471a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30481a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55c30000 'C:\Windows\System32\winmm.dll'
30491a98.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30501a98.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30511a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e50000 'C:\Windows\system32\dsound.dll'
30521a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd55c30000 'C:\Windows\System32\winmm.dll'
30531a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd453d0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
30541a98.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
30551a98.e78: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
30561a98.e78: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
30571a98.e78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
30581a98.e78: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000010b0 (hFile=00000000000010d8) with 0xc0000022 -> STATUS_TRUST_FAILURE
30591a98.e78: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
30601a98.e78: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000010d8 (hFile=00000000000010b0) with 0xc0000022 -> STATUS_TRUST_FAILURE
30611a98.12b0: supR3HardenedDllNotificationCallback: Unload 00007ffd4f950000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
30621a98.818: supR3HardenedDllNotificationCallback: Unload 00007ffd4fab0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
30631a98.1344: supR3HardenedDllNotificationCallback: Unload 00007ffd4fc00000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
30641a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a68 pwszName=\Device\HarddiskVolume2\Windows\System32\tzres.dll
30651a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f96b0
30661a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f96b0
30671a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0439AE7D09ECE226B3878E80052BEEE6DC4F4964
30681a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd56dc0000 'C:\Windows\system32\rsaenh.dll'
30691a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd57e50000 'C:\Windows\System32\crypt32.dll'
30701a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1881_for_KB4025339~31bf3856ad364e35~amd64~~10.0.1.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\tzres.dll'
30711a98.1bac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30721a98.1bac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll'
30731a98.1bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
30741a98.1bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30751a98.1bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a660000 'C:\Windows\System32\OPENGL32.dll'
30761a98.1bac: supR3HardenedDllNotificationCallback: Unload 00007ffd4f7a0000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [flags=0x0]
30771a98.1bac: supR3HardenedDllNotificationCallback: Unload 00007ffd49c30000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [flags=0x0]
30781a98.1bac: supR3HardenedDllNotificationCallback: Unload 00007ffd4a180000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [flags=0x0]
30791a98.1bac: supR3HardenedDllNotificationCallback: Unload 00007ffd4a1b0000 LB 0x0002f000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [flags=0x0]
30801a98.12dc: supR3HardenedDllNotificationCallback: Unload 00007ffd504a0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
30811a98.e74: supR3HardenedDllNotificationCallback: Unload 00007ffd50f50000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
30821a98.ab0: supR3HardenedDllNotificationCallback: Unload 00007ffd492c0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
30831a98.ab0: supR3HardenedDllNotificationCallback: Unload 00007ffd49bf0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
30841a98.ab0: supR3HardenedDllNotificationCallback: Unload 00007ffd49c10000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
30851a98.ab0: supR3HardenedDllNotificationCallback: Unload 00007ffd4a900000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
30861a98.ab0: supR3HardenedDllNotificationCallback: Unload 00007ffd48d90000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
30871a98.ab0: supR3HardenedDllNotificationCallback: Unload 00007ffd34c20000 LB 0x009b1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
30881a98.ab0: supR3HardenedDllNotificationCallback: Unload 00007ffd46330000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
30891a98.ab0: supR3HardenedDllNotificationCallback: Unload 00007ffd48de0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
30901a98.f60: supR3HardenedDllNotificationCallback: Unload 00007ffd548e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
30911a98.f60: supR3HardenedDllNotificationCallback: Unload 00007ffd44460000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
30921a98.f60: supR3HardenedDllNotificationCallback: Unload 00007ffd4b0a0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
30931a98.f60: supR3HardenedDllNotificationCallback: Unload 00007ffd4b590000 LB 0x00010000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
30941a98.f60: supR3HardenedDllNotificationCallback: Unload 00007ffd42590000 LB 0x00049000 C:\Windows\system32\dataexchange.dll [flags=0x0]
30951a98.f60: supR3HardenedDllNotificationCallback: Unload 00007ffd54370000 LB 0x002b6000 C:\Windows\system32\d3d11.dll [flags=0x0]
30961a98.f60: supR3HardenedDllNotificationCallback: Unload 00007ffd56810000 LB 0x0009f000 C:\Windows\system32\dxgi.dll [flags=0x0]
30971a98.f60: supR3HardenedDllNotificationCallback: Unload 00007ffd55860000 LB 0x00151000 C:\Windows\system32\dcomp.dll [flags=0x0]
30981a98.f60: supR3HardenedDllNotificationCallback: Unload 00007ffd563c0000 LB 0x0011c000 C:\Windows\system32\twinapi.appcore.dll [flags=0x0]
30991a98.f60: supR3HardenedDllNotificationCallback: Unload 00007ffd35ed0000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
31001a98.f60: supR3HardenedDllNotificationCallback: Unload 00007ffd4b140000 LB 0x000f4000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
31011a98.f60: supR3HardenedDllNotificationCallback: Unload 00007ffd4df90000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0]
31021a98.f60: Terminating the normal way: rcExit=0
31031a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ntdll.dll'.
31041a98.f60: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
31051a98.f60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
31061a98.f60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31071a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31081a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd5b420000 'C:\Windows\System32\ntdll.dll'
31091a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ntdll.dll'.
31101a98.f60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' [rescheduled]
31111a98.f60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll [redoing WinVerifyTrust]
31121a98.f60: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ntdll.dll'.
31131a98.f60: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31141a98.f60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31151a98.f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd5b420000 'C:\Windows\System32\ntdll.dll'
3116dc0.13f0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 28752 ms, the end);
31171624.12b4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 29330 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy