VirtualBox

Ticket #17071: VBoxHardening.log

File VBoxHardening.log, 450.3 KB (added by Kakoussnight, 7 years ago)
Line 
1228c.2444: Log file opened: 5.1.26r117224 g_hStartupLog=000000000000005c g_uNtVerCombined=0xa03ad700
2228c.2444: \SystemRoot\System32\ntdll.dll:
3228c.2444: CreationTime: 2017-07-12T17:28:10.097582200Z
4228c.2444: LastWriteTime: 2017-06-20T06:10:49.467134900Z
5228c.2444: ChangeTime: 2017-08-08T17:42:24.071882000Z
6228c.2444: FileAttributes: 0x20
7228c.2444: Size: 0x1d7450
8228c.2444: NT Headers: 0xe0
9228c.2444: Timestamp: 0xa329d3a8
10228c.2444: Machine: 0x8664 - amd64
11228c.2444: Timestamp: 0xa329d3a8
12228c.2444: Image Version: 10.0
13228c.2444: SizeOfImage: 0x1db000 (1945600)
14228c.2444: Resource Dir: 0x170000 LB 0x69398
15228c.2444: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16228c.2444: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17228c.2444: ProductName: Microsoft® Windows® Operating System
18228c.2444: ProductVersion: 10.0.15063.447
19228c.2444: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
20228c.2444: FileDescription: NT Layer DLL
21228c.2444: \SystemRoot\System32\kernel32.dll:
22228c.2444: CreationTime: 2017-05-10T17:07:38.925189500Z
23228c.2444: LastWriteTime: 2017-04-28T01:06:01.409897400Z
24228c.2444: ChangeTime: 2017-08-08T17:42:24.029726300Z
25228c.2444: FileAttributes: 0x20
26228c.2444: Size: 0xad068
27228c.2444: NT Headers: 0xf8
28228c.2444: Timestamp: 0xf5fa43df
29228c.2444: Machine: 0x8664 - amd64
30228c.2444: Timestamp: 0xf5fa43df
31228c.2444: Image Version: 10.0
32228c.2444: SizeOfImage: 0xae000 (712704)
33228c.2444: Resource Dir: 0xac000 LB 0x520
34228c.2444: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35228c.2444: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36228c.2444: ProductName: Microsoft® Windows® Operating System
37228c.2444: ProductVersion: 10.0.15063.296
38228c.2444: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
39228c.2444: FileDescription: Windows NT BASE API Client DLL
40228c.2444: \SystemRoot\System32\KernelBase.dll:
41228c.2444: CreationTime: 2017-08-08T17:39:55.430734400Z
42228c.2444: LastWriteTime: 2017-07-28T05:25:32.331020800Z
43228c.2444: ChangeTime: 2017-08-08T22:01:15.220073400Z
44228c.2444: FileAttributes: 0x20
45228c.2444: Size: 0x249df0
46228c.2444: NT Headers: 0x100
47228c.2444: Timestamp: 0x5405b5
48228c.2444: Machine: 0x8664 - amd64
49228c.2444: Timestamp: 0x5405b5
50228c.2444: Image Version: 10.0
51228c.2444: SizeOfImage: 0x249000 (2396160)
52228c.2444: Resource Dir: 0x22a000 LB 0x548
53228c.2444: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54228c.2444: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55228c.2444: ProductName: Microsoft® Windows® Operating System
56228c.2444: ProductVersion: 10.0.15063.502
57228c.2444: FileVersion: 10.0.15063.502 (WinBuild.160101.0800)
58228c.2444: FileDescription: Windows NT BASE API Client DLL
59228c.2444: \SystemRoot\System32\apisetschema.dll:
60228c.2444: CreationTime: 2017-03-18T20:57:35.373527900Z
61228c.2444: LastWriteTime: 2017-03-18T20:57:35.373527900Z
62228c.2444: ChangeTime: 2017-05-05T20:58:39.974585600Z
63228c.2444: FileAttributes: 0x20
64228c.2444: Size: 0x1ada0
65228c.2444: NT Headers: 0xc0
66228c.2444: Timestamp: 0x76544b2
67228c.2444: Machine: 0x8664 - amd64
68228c.2444: Timestamp: 0x76544b2
69228c.2444: Image Version: 10.0
70228c.2444: SizeOfImage: 0x1b000 (110592)
71228c.2444: Resource Dir: 0x1a000 LB 0x408
72228c.2444: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73228c.2444: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74228c.2444: ProductName: Microsoft® Windows® Operating System
75228c.2444: ProductVersion: 10.0.15063.0
76228c.2444: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
77228c.2444: FileDescription: ApiSet Schema DLL
78228c.2444: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79228c.2444: supR3HardenedWinFindAdversaries: 0x0
80228c.2444: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
81228c.2444: Calling main()
82228c.2444: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
83228c.2444: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
84228c.2444: SUPR3HardenedMain: Respawn #1
85228c.2444: System32: \Device\HarddiskVolume2\Windows\System32
86228c.2444: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
87228c.2444: KnownDllPath: C:\WINDOWS\System32
88228c.2444: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
89228c.2444: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
90228c.2444: supR3HardNtEnableThreadCreation:
91228c.2444: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb36549ac0 pvNtTerminateThread=00007ffb36575df0
92228c.2444: supR3HardenedWinDoReSpawn(1): New child 2c84.c98 [kernel32].
93228c.2444: supR3HardNtChildGatherData: PebBaseAddress=0000000000ec1000 cbPeb=0x388
94228c.2444: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb364d0000 uNtDllChildAddr=00007ffb364d0000
95228c.2444: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb36549ac0
96228c.2444: supR3HardenedWinSetupChildInit: Start child.
97228c.2444: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
98228c.2444: supR3HardNtChildPurify: Startup delay kludge #1/0: 268 ms, 15 sleeps
99228c.2444: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
100228c.2444: *0000000000000000-0000000000d0ffff 0x0001/0x0000 0x0000000
101228c.2444: *0000000000d10000-0000000000d2ffff 0x0004/0x0004 0x0020000
102228c.2444: *0000000000d30000-0000000000d47fff 0x0002/0x0002 0x0040000
103228c.2444: 0000000000d48000-0000000000d4ffff 0x0001/0x0000 0x0000000
104228c.2444: *0000000000d50000-0000000000d50fff 0x0020/0x0004 0x0020000 !!
105228c.2444: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000d50000 (LB 0x1000, 0000000000d50000 LB 0x1000)
106228c.2444: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000d50000/0000000000d50000 LB 0/0x1000]
107228c.2444: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000d50000 LB 0x10000 s=0x10000 ap=0x0 rp=0x007ffb00000001
108228c.2444: 0000000000d51000-0000000000d5ffff 0x0001/0x0000 0x0000000
109228c.2444: *0000000000d60000-0000000000d63fff 0x0002/0x0002 0x0040000
110228c.2444: 0000000000d64000-0000000000d6ffff 0x0001/0x0000 0x0000000
111228c.2444: *0000000000d70000-0000000000d70fff 0x0004/0x0004 0x0020000
112228c.2444: 0000000000d71000-0000000000dfffff 0x0001/0x0000 0x0000000
113228c.2444: *0000000000e00000-0000000000ec0fff 0x0000/0x0004 0x0020000
114228c.2444: 0000000000ec1000-0000000000ec3fff 0x0004/0x0004 0x0020000
115228c.2444: 0000000000ec4000-0000000000ffffff 0x0000/0x0004 0x0020000
116228c.2444: *0000000001000000-00000000010fafff 0x0000/0x0004 0x0020000
117228c.2444: 00000000010fb000-00000000010fdfff 0x0104/0x0004 0x0020000
118228c.2444: 00000000010fe000-00000000010fffff 0x0004/0x0004 0x0020000
119228c.2444: 0000000001100000-000000007ffdffff 0x0001/0x0000 0x0000000
120228c.2444: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
121228c.2444: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
122228c.2444: 000000007fff0000-00007ff739c7ffff 0x0001/0x0000 0x0000000
123228c.2444: *00007ff739c80000-00007ff739ca2fff 0x0002/0x0002 0x0040000
124228c.2444: 00007ff739ca3000-00007ff73a8bffff 0x0001/0x0000 0x0000000
125228c.2444: *00007ff73a8c0000-00007ff73a8c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
126228c.2444: 00007ff73a8c1000-00007ff73a930fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
127228c.2444: 00007ff73a931000-00007ff73a931fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
128228c.2444: 00007ff73a932000-00007ff73a977fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
129228c.2444: 00007ff73a978000-00007ff73a978fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
130228c.2444: 00007ff73a979000-00007ff73a979fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131228c.2444: 00007ff73a97a000-00007ff73a97efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
132228c.2444: 00007ff73a97f000-00007ff73a97ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
133228c.2444: 00007ff73a980000-00007ff73a980fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
134228c.2444: 00007ff73a981000-00007ff73a984fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
135228c.2444: 00007ff73a985000-00007ff73a9ccfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
136228c.2444: 00007ff73a9cd000-00007ffb364cffff 0x0001/0x0000 0x0000000
137228c.2444: *00007ffb364d0000-00007ffb364d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
138228c.2444: 00007ffb364d1000-00007ffb364ebfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
139228c.2444: 00007ffb364ec000-00007ffb364ecfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
140228c.2444: 00007ffb364ed000-00007ffb365dffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
141228c.2444: 00007ffb365e0000-00007ffb36624fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
142228c.2444: 00007ffb36625000-00007ffb3662cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
143228c.2444: 00007ffb3662d000-00007ffb3663afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
144228c.2444: 00007ffb3663b000-00007ffb3663bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
145228c.2444: 00007ffb3663c000-00007ffb3663efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
146228c.2444: 00007ffb3663f000-00007ffb366aafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
147228c.2444: 00007ffb366ab000-00007ffffffdffff 0x0001/0x0000 0x0000000
148228c.2444: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
149228c.2444: VirtualBox.exe: timestamp 0x5979cfa2 (rc=VINF_SUCCESS)
150228c.2444: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
151228c.2444: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
152228c.2444: ntdll.dll: Differences in section #1 (.text) between file and memory:
153228c.2444: 00007ffb364ec340 / 0x001c340: 40 != 48
154228c.2444: 00007ffb364ec341 / 0x001c341: 53 != b8
155228c.2444: 00007ffb364ec342 / 0x001c342: 55 != 48
156228c.2444: 00007ffb364ec343 / 0x001c343: 56 != 04
157228c.2444: 00007ffb364ec344 / 0x001c344: 57 != d5
158228c.2444: 00007ffb364ec345 / 0x001c345: 41 != 00
159228c.2444: 00007ffb364ec346 / 0x001c346: 56 != 00
160228c.2444: 00007ffb364ec347 / 0x001c347: 48 != 00
161228c.2444: 00007ffb364ec348 / 0x001c348: 81 != 00
162228c.2444: 00007ffb364ec349 / 0x001c349: ec != 00
163228c.2444: 00007ffb364ec34a / 0x001c34a: d0 != ff
164228c.2444: 00007ffb364ec34b / 0x001c34b: 00 != e0
165228c.2444: Restored 0x2000 bytes of original file content at 00007ffb364eb000
166228c.2444: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x80000000
167228c.2444: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 30 sleeps
168228c.2444: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
169228c.2444: *0000000000000000-0000000000d0ffff 0x0001/0x0000 0x0000000
170228c.2444: *0000000000d10000-0000000000d2ffff 0x0004/0x0004 0x0020000
171228c.2444: *0000000000d30000-0000000000d47fff 0x0002/0x0002 0x0040000
172228c.2444: 0000000000d48000-0000000000d5ffff 0x0001/0x0000 0x0000000
173228c.2444: *0000000000d60000-0000000000d63fff 0x0002/0x0002 0x0040000
174228c.2444: 0000000000d64000-0000000000d6ffff 0x0001/0x0000 0x0000000
175228c.2444: *0000000000d70000-0000000000d70fff 0x0004/0x0004 0x0020000
176228c.2444: 0000000000d71000-0000000000dfffff 0x0001/0x0000 0x0000000
177228c.2444: *0000000000e00000-0000000000ec0fff 0x0000/0x0004 0x0020000
178228c.2444: 0000000000ec1000-0000000000ec3fff 0x0004/0x0004 0x0020000
179228c.2444: 0000000000ec4000-0000000000ffffff 0x0000/0x0004 0x0020000
180228c.2444: *0000000001000000-00000000010fafff 0x0000/0x0004 0x0020000
181228c.2444: 00000000010fb000-00000000010fdfff 0x0104/0x0004 0x0020000
182228c.2444: 00000000010fe000-00000000010fffff 0x0004/0x0004 0x0020000
183228c.2444: 0000000001100000-000000007ffdffff 0x0001/0x0000 0x0000000
184228c.2444: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
185228c.2444: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
186228c.2444: 000000007fff0000-00007ff739c7ffff 0x0001/0x0000 0x0000000
187228c.2444: *00007ff739c80000-00007ff739ca2fff 0x0002/0x0002 0x0040000
188228c.2444: 00007ff739ca3000-00007ff73a8bffff 0x0001/0x0000 0x0000000
189228c.2444: *00007ff73a8c0000-00007ff73a8c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
190228c.2444: 00007ff73a8c1000-00007ff73a930fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
191228c.2444: 00007ff73a931000-00007ff73a931fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
192228c.2444: 00007ff73a932000-00007ff73a977fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
193228c.2444: 00007ff73a978000-00007ff73a984fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
194228c.2444: 00007ff73a985000-00007ff73a9ccfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
195228c.2444: 00007ff73a9cd000-00007ffb364cffff 0x0001/0x0000 0x0000000
196228c.2444: *00007ffb364d0000-00007ffb364d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
197228c.2444: 00007ffb364d1000-00007ffb365dffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
198228c.2444: 00007ffb365e0000-00007ffb36624fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
199228c.2444: 00007ffb36625000-00007ffb36628fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
200228c.2444: 00007ffb36629000-00007ffb3662cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
201228c.2444: 00007ffb3662d000-00007ffb3663afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
202228c.2444: 00007ffb3663b000-00007ffb3663bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
203228c.2444: 00007ffb3663c000-00007ffb3663efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
204228c.2444: 00007ffb3663f000-00007ffb366aafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
205228c.2444: 00007ffb366ab000-00007ffffffdffff 0x0001/0x0000 0x0000000
206228c.2444: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
207228c.2444: supR3HardNtChildPurify: Done after 800 ms and 2 fixes (loop #1).
2082c84.c98: Log file opened: 5.1.26r117224 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
2092c84.c98: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb364d0000 g_uNtVerCombined=0xa03ad700
2102c84.c98: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
2112c84.c98: New simple heap: #1 0000000001200000 LB 0x400000 (for 1945600 allocation)
212228c.2444: supR3HardNtEnableThreadCreation:
2132c84.c98: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2142c84.c98: System32: \Device\HarddiskVolume2\Windows\System32
2152c84.c98: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
2162c84.c98: KnownDllPath: C:\WINDOWS\System32
2172c84.c98: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2182c84.c98: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2192c84.c98: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2202c84.c98: Registered Dll notification callback with NTDLL.
2212c84.c98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2222c84.c98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2232c84.c98: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2242c84.c98: supR3HardenedDllNotificationCallback: load 00007ffb32de0000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
2252c84.c98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2262c84.c98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2272c84.c98: supR3HardenedDllNotificationCallback: load 00007ffb34e70000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
2282c84.c98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2292c84.c98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb34e70000 'C:\WINDOWS\System32\KERNEL32.DLL'
2302c84.c98: supR3HardenedDllNotificationCallback: load 00007ff73a8c0000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
2312c84.c98: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2322c84.c98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2332c84.c98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2342c84.c98: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb36549ac0 pvNtTerminateThread=00007ffb36575df0
235228c.2444: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 53 ms.
2362c84.c98: \SystemRoot\System32\ntdll.dll:
2372c84.c98: CreationTime: 2017-07-12T17:28:10.097582200Z
2382c84.c98: LastWriteTime: 2017-06-20T06:10:49.467134900Z
2392c84.c98: ChangeTime: 2017-08-08T17:42:24.071882000Z
2402c84.c98: FileAttributes: 0x20
2412c84.c98: Size: 0x1d7450
2422c84.c98: NT Headers: 0xe0
2432c84.c98: Timestamp: 0xa329d3a8
2442c84.c98: Machine: 0x8664 - amd64
2452c84.c98: Timestamp: 0xa329d3a8
2462c84.c98: Image Version: 10.0
2472c84.c98: SizeOfImage: 0x1db000 (1945600)
2482c84.c98: Resource Dir: 0x170000 LB 0x69398
2492c84.c98: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2502c84.c98: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2512c84.c98: ProductName: Microsoft® Windows® Operating System
2522c84.c98: ProductVersion: 10.0.15063.447
2532c84.c98: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
2542c84.c98: FileDescription: NT Layer DLL
2552c84.c98: \SystemRoot\System32\kernel32.dll:
2562c84.c98: CreationTime: 2017-05-10T17:07:38.925189500Z
2572c84.c98: LastWriteTime: 2017-04-28T01:06:01.409897400Z
2582c84.c98: ChangeTime: 2017-08-08T17:42:24.029726300Z
2592c84.c98: FileAttributes: 0x20
2602c84.c98: Size: 0xad068
2612c84.c98: NT Headers: 0xf8
2622c84.c98: Timestamp: 0xf5fa43df
2632c84.c98: Machine: 0x8664 - amd64
2642c84.c98: Timestamp: 0xf5fa43df
2652c84.c98: Image Version: 10.0
2662c84.c98: SizeOfImage: 0xae000 (712704)
2672c84.c98: Resource Dir: 0xac000 LB 0x520
2682c84.c98: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2692c84.c98: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2702c84.c98: ProductName: Microsoft® Windows® Operating System
2712c84.c98: ProductVersion: 10.0.15063.296
2722c84.c98: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
2732c84.c98: FileDescription: Windows NT BASE API Client DLL
2742c84.c98: \SystemRoot\System32\KernelBase.dll:
2752c84.c98: CreationTime: 2017-08-08T17:39:55.430734400Z
2762c84.c98: LastWriteTime: 2017-07-28T05:25:32.331020800Z
2772c84.c98: ChangeTime: 2017-08-08T22:01:15.220073400Z
2782c84.c98: FileAttributes: 0x20
2792c84.c98: Size: 0x249df0
2802c84.c98: NT Headers: 0x100
2812c84.c98: Timestamp: 0x5405b5
2822c84.c98: Machine: 0x8664 - amd64
2832c84.c98: Timestamp: 0x5405b5
2842c84.c98: Image Version: 10.0
2852c84.c98: SizeOfImage: 0x249000 (2396160)
2862c84.c98: Resource Dir: 0x22a000 LB 0x548
2872c84.c98: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2882c84.c98: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2892c84.c98: ProductName: Microsoft® Windows® Operating System
2902c84.c98: ProductVersion: 10.0.15063.502
2912c84.c98: FileVersion: 10.0.15063.502 (WinBuild.160101.0800)
2922c84.c98: FileDescription: Windows NT BASE API Client DLL
2932c84.c98: \SystemRoot\System32\apisetschema.dll:
2942c84.c98: CreationTime: 2017-03-18T20:57:35.373527900Z
2952c84.c98: LastWriteTime: 2017-03-18T20:57:35.373527900Z
2962c84.c98: ChangeTime: 2017-05-05T20:58:39.974585600Z
2972c84.c98: FileAttributes: 0x20
2982c84.c98: Size: 0x1ada0
2992c84.c98: NT Headers: 0xc0
3002c84.c98: Timestamp: 0x76544b2
3012c84.c98: Machine: 0x8664 - amd64
3022c84.c98: Timestamp: 0x76544b2
3032c84.c98: Image Version: 10.0
3042c84.c98: SizeOfImage: 0x1b000 (110592)
3052c84.c98: Resource Dir: 0x1a000 LB 0x408
3062c84.c98: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3072c84.c98: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3082c84.c98: ProductName: Microsoft® Windows® Operating System
3092c84.c98: ProductVersion: 10.0.15063.0
3102c84.c98: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
3112c84.c98: FileDescription: ApiSet Schema DLL
3122c84.c98: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3132c84.c98: supR3HardenedWinFindAdversaries: 0x0
3142c84.c98: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3152c84.c98: Calling main()
3162c84.c98: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3172c84.c98: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3182c84.c98: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3192c84.c98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3202c84.c98: SUPR3HardenedMain: Respawn #2
3212c84.c98: supR3HardNtEnableThreadCreation:
3222c84.c98: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3232c84.c98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
3242c84.c98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3252c84.c98: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3262c84.c98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb364d0000 'C:\WINDOWS\System32\ntdll.dll'
3272c84.c98: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb36549ac0 pvNtTerminateThread=00007ffb36575df0
3282c84.c98: supR3HardenedWinDoReSpawn(2): New child 65c.1378 [kernel32].
3292c84.c98: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
3302c84.c98: supR3HardNtChildGatherData: PebBaseAddress=0000000001102000 cbPeb=0x388
3312c84.c98: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb364d0000 uNtDllChildAddr=00007ffb364d0000
3322c84.c98: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb36549ac0
3332c84.c98: supR3HardenedWinSetupChildInit: Start child.
3342c84.c98: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3352c84.c98: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 17 sleeps
3362c84.c98: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3372c84.c98: *0000000000000000-0000000000f0ffff 0x0001/0x0000 0x0000000
3382c84.c98: *0000000000f10000-0000000000f2ffff 0x0004/0x0004 0x0020000
3392c84.c98: *0000000000f30000-0000000000f47fff 0x0002/0x0002 0x0040000
3402c84.c98: 0000000000f48000-0000000000f4ffff 0x0001/0x0000 0x0000000
3412c84.c98: *0000000000f50000-0000000000f50fff 0x0020/0x0004 0x0020000 !!
3422c84.c98: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000f50000 (LB 0x1000, 0000000000f50000 LB 0x1000)
3432c84.c98: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000f50000/0000000000f50000 LB 0/0x1000]
3442c84.c98: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000f50000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
3452c84.c98: 0000000000f51000-0000000000f5ffff 0x0001/0x0000 0x0000000
3462c84.c98: *0000000000f60000-0000000000f63fff 0x0002/0x0002 0x0040000
3472c84.c98: 0000000000f64000-0000000000f6ffff 0x0001/0x0000 0x0000000
3482c84.c98: *0000000000f70000-0000000000f70fff 0x0004/0x0004 0x0020000
3492c84.c98: 0000000000f71000-0000000000ffffff 0x0001/0x0000 0x0000000
3502c84.c98: *0000000001000000-0000000001101fff 0x0000/0x0004 0x0020000
3512c84.c98: 0000000001102000-0000000001104fff 0x0004/0x0004 0x0020000
3522c84.c98: 0000000001105000-00000000011fffff 0x0000/0x0004 0x0020000
3532c84.c98: *0000000001200000-00000000012fafff 0x0000/0x0004 0x0020000
3542c84.c98: 00000000012fb000-00000000012fdfff 0x0104/0x0004 0x0020000
3552c84.c98: 00000000012fe000-00000000012fffff 0x0004/0x0004 0x0020000
3562c84.c98: 0000000001300000-000000007ffdffff 0x0001/0x0000 0x0000000
3572c84.c98: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3582c84.c98: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
3592c84.c98: 000000007fff0000-00007ff73a5cffff 0x0001/0x0000 0x0000000
3602c84.c98: *00007ff73a5d0000-00007ff73a5f2fff 0x0002/0x0002 0x0040000
3612c84.c98: 00007ff73a5f3000-00007ff73a8bffff 0x0001/0x0000 0x0000000
3622c84.c98: *00007ff73a8c0000-00007ff73a8c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3632c84.c98: 00007ff73a8c1000-00007ff73a930fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3642c84.c98: 00007ff73a931000-00007ff73a931fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3652c84.c98: 00007ff73a932000-00007ff73a977fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3662c84.c98: 00007ff73a978000-00007ff73a978fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3672c84.c98: 00007ff73a979000-00007ff73a979fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3682c84.c98: 00007ff73a97a000-00007ff73a97efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3692c84.c98: 00007ff73a97f000-00007ff73a97ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3702c84.c98: 00007ff73a980000-00007ff73a980fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3712c84.c98: 00007ff73a981000-00007ff73a984fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3722c84.c98: 00007ff73a985000-00007ff73a9ccfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3732c84.c98: 00007ff73a9cd000-00007ffb364cffff 0x0001/0x0000 0x0000000
3742c84.c98: *00007ffb364d0000-00007ffb364d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3752c84.c98: 00007ffb364d1000-00007ffb364ebfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3762c84.c98: 00007ffb364ec000-00007ffb364ecfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3772c84.c98: 00007ffb364ed000-00007ffb365dffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3782c84.c98: 00007ffb365e0000-00007ffb36624fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3792c84.c98: 00007ffb36625000-00007ffb3662cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3802c84.c98: 00007ffb3662d000-00007ffb3663afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3812c84.c98: 00007ffb3663b000-00007ffb3663bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3822c84.c98: 00007ffb3663c000-00007ffb3663efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3832c84.c98: 00007ffb3663f000-00007ffb366aafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3842c84.c98: 00007ffb366ab000-00007ffffffdffff 0x0001/0x0000 0x0000000
3852c84.c98: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
3862c84.c98: VirtualBox.exe: timestamp 0x5979cfa2 (rc=VINF_SUCCESS)
3872c84.c98: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3882c84.c98: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3892c84.c98: ntdll.dll: Differences in section #1 (.text) between file and memory:
3902c84.c98: 00007ffb364ec340 / 0x001c340: 40 != 48
3912c84.c98: 00007ffb364ec341 / 0x001c341: 53 != b8
3922c84.c98: 00007ffb364ec342 / 0x001c342: 55 != 48
3932c84.c98: 00007ffb364ec343 / 0x001c343: 56 != 04
3942c84.c98: 00007ffb364ec344 / 0x001c344: 57 != f5
3952c84.c98: 00007ffb364ec345 / 0x001c345: 41 != 00
3962c84.c98: 00007ffb364ec346 / 0x001c346: 56 != 00
3972c84.c98: 00007ffb364ec347 / 0x001c347: 48 != 00
3982c84.c98: 00007ffb364ec348 / 0x001c348: 81 != 00
3992c84.c98: 00007ffb364ec349 / 0x001c349: ec != 00
4002c84.c98: 00007ffb364ec34a / 0x001c34a: d0 != ff
4012c84.c98: 00007ffb364ec34b / 0x001c34b: 00 != e0
4022c84.c98: Restored 0x2000 bytes of original file content at 00007ffb364eb000
4032c84.c98: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x80000000
4042c84.c98: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 32 sleeps
4052c84.c98: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4062c84.c98: *0000000000000000-0000000000f0ffff 0x0001/0x0000 0x0000000
4072c84.c98: *0000000000f10000-0000000000f2ffff 0x0004/0x0004 0x0020000
4082c84.c98: *0000000000f30000-0000000000f47fff 0x0002/0x0002 0x0040000
4092c84.c98: 0000000000f48000-0000000000f5ffff 0x0001/0x0000 0x0000000
4102c84.c98: *0000000000f60000-0000000000f63fff 0x0002/0x0002 0x0040000
4112c84.c98: 0000000000f64000-0000000000f6ffff 0x0001/0x0000 0x0000000
4122c84.c98: *0000000000f70000-0000000000f70fff 0x0004/0x0004 0x0020000
4132c84.c98: 0000000000f71000-0000000000ffffff 0x0001/0x0000 0x0000000
4142c84.c98: *0000000001000000-0000000001101fff 0x0000/0x0004 0x0020000
4152c84.c98: 0000000001102000-0000000001104fff 0x0004/0x0004 0x0020000
4162c84.c98: 0000000001105000-00000000011fffff 0x0000/0x0004 0x0020000
4172c84.c98: *0000000001200000-00000000012fafff 0x0000/0x0004 0x0020000
4182c84.c98: 00000000012fb000-00000000012fdfff 0x0104/0x0004 0x0020000
4192c84.c98: 00000000012fe000-00000000012fffff 0x0004/0x0004 0x0020000
4202c84.c98: 0000000001300000-000000007ffdffff 0x0001/0x0000 0x0000000
4212c84.c98: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4222c84.c98: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
4232c84.c98: 000000007fff0000-00007ff73a5cffff 0x0001/0x0000 0x0000000
4242c84.c98: *00007ff73a5d0000-00007ff73a5f2fff 0x0002/0x0002 0x0040000
4252c84.c98: 00007ff73a5f3000-00007ff73a8bffff 0x0001/0x0000 0x0000000
4262c84.c98: *00007ff73a8c0000-00007ff73a8c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4272c84.c98: 00007ff73a8c1000-00007ff73a930fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4282c84.c98: 00007ff73a931000-00007ff73a931fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4292c84.c98: 00007ff73a932000-00007ff73a977fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4302c84.c98: 00007ff73a978000-00007ff73a984fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4312c84.c98: 00007ff73a985000-00007ff73a9ccfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4322c84.c98: 00007ff73a9cd000-00007ffb364cffff 0x0001/0x0000 0x0000000
4332c84.c98: *00007ffb364d0000-00007ffb364d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4342c84.c98: 00007ffb364d1000-00007ffb365dffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4352c84.c98: 00007ffb365e0000-00007ffb36624fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4362c84.c98: 00007ffb36625000-00007ffb36628fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4372c84.c98: 00007ffb36629000-00007ffb3662cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4382c84.c98: 00007ffb3662d000-00007ffb3663afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4392c84.c98: 00007ffb3663b000-00007ffb3663bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4402c84.c98: 00007ffb3663c000-00007ffb3663efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4412c84.c98: 00007ffb3663f000-00007ffb366aafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4422c84.c98: 00007ffb366ab000-00007ffffffdffff 0x0001/0x0000 0x0000000
4432c84.c98: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
4442c84.c98: supR3HardNtChildPurify: Done after 789 ms and 2 fixes (loop #1).
44565c.1378: Log file opened: 5.1.26r117224 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
44665c.1378: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb364d0000 g_uNtVerCombined=0xa03ad700
44765c.1378: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
44865c.1378: New simple heap: #1 0000000001400000 LB 0x400000 (for 1945600 allocation)
4492c84.c98: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001200000 LB 0x400000)
4502c84.c98: supR3HardNtEnableThreadCreation:
45165c.1378: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
45265c.1378: System32: \Device\HarddiskVolume2\Windows\System32
45365c.1378: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
45465c.1378: KnownDllPath: C:\WINDOWS\System32
45565c.1378: supR3HardenedVmProcessInit: Opening vboxdrv...
45665c.1378: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
45765c.1378: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
45865c.1378: Registered Dll notification callback with NTDLL.
45965c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
46065c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
46165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
46265c.1378: supR3HardenedDllNotificationCallback: load 00007ffb32de0000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
46365c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
46465c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
46565c.1378: supR3HardenedDllNotificationCallback: load 00007ffb34e70000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
46665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
46765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb34e70000 'C:\WINDOWS\System32\KERNEL32.DLL'
46865c.1378: supR3HardenedDllNotificationCallback: load 00007ff73a8c0000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
46965c.1378: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
47065c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
47165c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
47265c.1378: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb36549ac0 pvNtTerminateThread=00007ffb36575df0
4732c84.c98: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 53 ms.
47465c.1378: \SystemRoot\System32\ntdll.dll:
47565c.1378: CreationTime: 2017-07-12T17:28:10.097582200Z
47665c.1378: LastWriteTime: 2017-06-20T06:10:49.467134900Z
47765c.1378: ChangeTime: 2017-08-08T17:42:24.071882000Z
47865c.1378: FileAttributes: 0x20
47965c.1378: Size: 0x1d7450
48065c.1378: NT Headers: 0xe0
48165c.1378: Timestamp: 0xa329d3a8
48265c.1378: Machine: 0x8664 - amd64
48365c.1378: Timestamp: 0xa329d3a8
48465c.1378: Image Version: 10.0
48565c.1378: SizeOfImage: 0x1db000 (1945600)
48665c.1378: Resource Dir: 0x170000 LB 0x69398
48765c.1378: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
48865c.1378: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
48965c.1378: ProductName: Microsoft® Windows® Operating System
49065c.1378: ProductVersion: 10.0.15063.447
49165c.1378: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
49265c.1378: FileDescription: NT Layer DLL
49365c.1378: \SystemRoot\System32\kernel32.dll:
49465c.1378: CreationTime: 2017-05-10T17:07:38.925189500Z
49565c.1378: LastWriteTime: 2017-04-28T01:06:01.409897400Z
49665c.1378: ChangeTime: 2017-08-08T17:42:24.029726300Z
49765c.1378: FileAttributes: 0x20
49865c.1378: Size: 0xad068
49965c.1378: NT Headers: 0xf8
50065c.1378: Timestamp: 0xf5fa43df
50165c.1378: Machine: 0x8664 - amd64
50265c.1378: Timestamp: 0xf5fa43df
50365c.1378: Image Version: 10.0
50465c.1378: SizeOfImage: 0xae000 (712704)
50565c.1378: Resource Dir: 0xac000 LB 0x520
50665c.1378: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
50765c.1378: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
50865c.1378: ProductName: Microsoft® Windows® Operating System
50965c.1378: ProductVersion: 10.0.15063.296
51065c.1378: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
51165c.1378: FileDescription: Windows NT BASE API Client DLL
51265c.1378: \SystemRoot\System32\KernelBase.dll:
51365c.1378: CreationTime: 2017-08-08T17:39:55.430734400Z
51465c.1378: LastWriteTime: 2017-07-28T05:25:32.331020800Z
51565c.1378: ChangeTime: 2017-08-08T22:01:15.220073400Z
51665c.1378: FileAttributes: 0x20
51765c.1378: Size: 0x249df0
51865c.1378: NT Headers: 0x100
51965c.1378: Timestamp: 0x5405b5
52065c.1378: Machine: 0x8664 - amd64
52165c.1378: Timestamp: 0x5405b5
52265c.1378: Image Version: 10.0
52365c.1378: SizeOfImage: 0x249000 (2396160)
52465c.1378: Resource Dir: 0x22a000 LB 0x548
52565c.1378: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
52665c.1378: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
52765c.1378: ProductName: Microsoft® Windows® Operating System
52865c.1378: ProductVersion: 10.0.15063.502
52965c.1378: FileVersion: 10.0.15063.502 (WinBuild.160101.0800)
53065c.1378: FileDescription: Windows NT BASE API Client DLL
53165c.1378: \SystemRoot\System32\apisetschema.dll:
53265c.1378: CreationTime: 2017-03-18T20:57:35.373527900Z
53365c.1378: LastWriteTime: 2017-03-18T20:57:35.373527900Z
53465c.1378: ChangeTime: 2017-05-05T20:58:39.974585600Z
53565c.1378: FileAttributes: 0x20
53665c.1378: Size: 0x1ada0
53765c.1378: NT Headers: 0xc0
53865c.1378: Timestamp: 0x76544b2
53965c.1378: Machine: 0x8664 - amd64
54065c.1378: Timestamp: 0x76544b2
54165c.1378: Image Version: 10.0
54265c.1378: SizeOfImage: 0x1b000 (110592)
54365c.1378: Resource Dir: 0x1a000 LB 0x408
54465c.1378: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
54565c.1378: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
54665c.1378: ProductName: Microsoft® Windows® Operating System
54765c.1378: ProductVersion: 10.0.15063.0
54865c.1378: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
54965c.1378: FileDescription: ApiSet Schema DLL
55065c.1378: NtOpenDirectoryObject failed on \Driver: 0xc0000022
55165c.1378: supR3HardenedWinFindAdversaries: 0x0
55265c.1378: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
55365c.1378: Calling main()
55465c.1378: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
55565c.1378: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
55665c.1378: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
55765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
55865c.1378: SUPR3HardenedMain: Final process, opening VBoxDrv...
55965c.1378: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001400000 LB 0x400000)
56065c.1378: supR3HardNtEnableThreadCreation:
56165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
56265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
56365c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
56465c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
56565c.1378: supR3HardenedDllNotificationCallback: load 00007ffb22f30000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
56665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
56765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
56865c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
56965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22f30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
57065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
57165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
57265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22f30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
57365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22f30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
57465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
57565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
57665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
57765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
57865c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
57965c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
58065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
58165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
58265c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
58365c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
58465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
58565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
58665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
58765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
58865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
58965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
59065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
59165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
59265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
59365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
59465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
59565c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
59665c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
59765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
59865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
59965c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
60065c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
60165c.1378: supR3HardenedDllNotificationCallback: load 00007ffb35840000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
60265c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
60365c.1378: supR3HardenedDllNotificationCallback: load 00007ffb32940000 LB 0x00011000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
60465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
60565c.1378: supR3HardenedDllNotificationCallback: load 00007ffb33030000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
60665c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
60765c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
60865c.1378: supR3HardenedDllNotificationCallback: load 00007ffb32a60000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
60965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
61065c.1378: supR3HardenedDllNotificationCallback: load 00007ffb34f30000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
61165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
61265c.1378: supR3HardenedDllNotificationCallback: load 00007ffb35060000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
61365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
61465c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
61565c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
61665c.1378: supR3HardenedDllNotificationCallback: load 00007ffb35790000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
61765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
61865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
61965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
62065c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
62165c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
62265c.1378: supR3HardenedDllNotificationCallback: load 00007ffb32ce0000 LB 0x00056000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
62365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
62465c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
62565c.1378: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
62665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-synch-l1-2-0'
62765c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
62865c.1378: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
62965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-fibers-l1-1-1'
63065c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
63165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
63265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-fibers-l1-1-1'
63365c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
63465c.1378: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
63565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-synch-l1-2-0'
63665c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
63765c.1378: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
63865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-localization-l1-2-1'
63965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\WINDOWS\system32\Wintrust.dll'
64065c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
64165c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
64265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
64365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
64465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
64565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
64665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
64765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
64865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
64965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
65065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
65165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
65265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
65365c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
65465c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
65565c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
65665c.1378: supR3HardenedDllNotificationCallback: load 00007ffb32500000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
65765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
65865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32500000 'C:\WINDOWS\system32\bcrypt.dll'
65965c.1378: bcrypt.dll loaded at 00007ffb32500000, BCryptOpenAlgorithmProvider at 00007ffb32504aa0, preloading providers:
66065c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
66165c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
66265c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66365c.1378: supR3HardenedDllNotificationCallback: load 00007ffb329f0000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
66465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
66565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb329f0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
66665c.1378: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000018fde90)
66765c.1378: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000018fecb0)
66865c.1378: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000018fef80)
66965c.1378: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000018ffa60)
67065c.1378: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000018ffd30)
67165c.1378: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001900000)
67265c.1378: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000019002d0)
67365c.1378: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000019005a0)
67465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
67565c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
67665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
67765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
67865c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
67965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
68065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
68165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
68265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
68365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
68465c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
68565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
68665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
68765c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
68865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
68965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
69065c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
69165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
69265c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
69365c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
69465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
69565c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
69665c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
69765c.1378: supR3HardenedDllNotificationCallback: load 00007ffb323f0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
69865c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
69965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
70065c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
70165c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
70265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
70365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
70465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
70565c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
70665c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
70765c.1378: supR3HardenedDllNotificationCallback: load 00007ffb31e70000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
70865c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
70965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
71065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
71165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
71265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
71365c.1378: supR3HardenedDllNotificationCallback: load 00007ffb32410000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
71465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
71565c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
71665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
71765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
71865c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
71965c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
72065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb34e70000 'C:\WINDOWS\System32\kernel32.dll'
72165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
72265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
72365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
72465c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
72565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\CRYPT32.dll'
72665c.1378: supR3HardenedDllNotificationCallback: load 00007ffb353b0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
72765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
72865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
72965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
73065c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
73165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
73265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
73365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
73465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
73565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
73665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
73765c.1378: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll)
73865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll
73965c.1378: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000001f4 (hFile=00000000000001e8) with 0xc0000022 -> STATUS_TRUST_FAILURE
74065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
74165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
74265c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
74365c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
74465c.1378: supR3HardenedDllNotificationCallback: load 00007ffb31730000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
74565c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
74665c.1378: supR3HardenedDllNotificationCallback: load 00007ffb32980000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
74765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
74865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
74965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
75065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
75165c.1378: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
75265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
75365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
75465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
75565c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
75665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
75765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
75865c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
75965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
76065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
76165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
76265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
76365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
76465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
76565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
76665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
76765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
76865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
76965c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
77065c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
77165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
77265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
77365c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
77465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
77565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
77665c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
77765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
77865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
77965c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
78065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
78165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
78265c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
78365c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
78465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
78565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
78665c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntasn1.dll)
78765c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntasn1.dll
78865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
78965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
79065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
79165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
79265c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
79365c.1378: supR3HardenedDllNotificationCallback: load 00007ffb17230000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
79465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
79565c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
79665c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
79765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\WINDOWS\System32\cryptnet.dll'
79865c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
79965c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
80065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\WINDOWS\System32\cryptnet.dll'
80165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
80265c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
80365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\WINDOWS\System32\cryptnet.dll'
80465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
80565c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
80665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\WINDOWS\System32\cryptnet.dll'
80765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
80865c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
80965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\WINDOWS\System32\cryptnet.dll'
81065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
81165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
81265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\WINDOWS\System32\cryptnet.dll'
81365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
81465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\WINDOWS\System32\cryptnet.dll'
81565c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
81665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\WINDOWS\System32\cryptnet.dll'
81765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
81865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\WINDOWS\System32\cryptnet.dll'
81965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
82065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\WINDOWS\System32\cryptnet.dll'
82165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
82265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\WINDOWS\System32\cryptnet.dll'
82365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\WINDOWS\System32\cryptnet.dll'
82465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
82565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17230000 'C:\Windows\System32\cryptnet.dll'
82665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
82765c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
82865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
82965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
83065c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
83165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
83265c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
83365c.1378: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001939480
83465c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
83565c.1378: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8B20614B43CC15BF412F46E920338E687B9EB4BD
83665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
83765c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
83865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb34f30000 'C:\WINDOWS\System32\rpcrt4.dll'
83965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
84065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
84165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
84265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
84365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
84465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
84565c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
84665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
84765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
84865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
84965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
85065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
85165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
85265c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
85365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
85465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
85565c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
85665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
85765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
85865c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
85965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
86065c.1378: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1289_for_KB4034674~31bf3856ad364e35~amd64~~10.0.1.10.cat'; file='\SystemRoot\System32\ntdll.dll'
86165c.1378: g_pfnWinVerifyTrust=00007ffb32ced3e0
86265c.1378: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
86365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
86465c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
86565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
86665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
86765c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
86865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
86965c.1378: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
87065c.1378: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
87165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
87265c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
87365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
87465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
87565c.1378: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
87665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
87765c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
87865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
87965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
88065c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll'
88165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
88265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
88365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
88465c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
88565c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
88665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
88765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
88865c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
88965c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
89065c.1378: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
89165c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
89265c.1378: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
89365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
89465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
89565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
89665c.1378: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
89765c.1378: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
89865c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
89965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
90065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
90165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
90265c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
90365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
90465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
90565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
90665c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
90765c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f0 pwszName=\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll
90865c.1378: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
90965c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
91065c.1378: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FF31F66ACC1741364CE15D70DCEA891F87E6083
91165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
91265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
91365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
91465c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
91565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
91665c.1378: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Security-Ngc-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll'
91765c.1378: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
91865c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll'
91965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
92065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
92165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
92265c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
92365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
92465c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
92565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
92665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
92765c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
92865c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
92965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
93065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
93165c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
93265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
93365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
93465c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
93565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
93665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
93765c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
93865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
93965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
94065c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
94165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
94265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
94365c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
94465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
94565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
94665c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
94765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
94865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
94965c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
95065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
95165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
95265c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
95365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
95465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
95565c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
95665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
95765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
95865c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
95965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
96065c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
96165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
96265c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
96365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
96465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
96565c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
96665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
96765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
96865c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
96965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\system32\crypt32.dll'
97065c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
97165c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
97265c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
97365c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
97465c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
97565c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
97665c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x7d57846fa713bb00 CN=Bitdefender Personal CA.Net-Defender, OU=IDS, O=Bitdefender, C=US
97765c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
97865c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
97965c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
98065c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
98165c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
98265c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
98365c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
98465c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
98565c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
98665c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
98765c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
98865c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
98965c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
99065c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
99165c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
99265c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
99365c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
99465c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
99565c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
99665c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
99765c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
99865c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
99965c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
100065c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
100165c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
100265c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
100365c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
100465c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
100565c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
100665c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
100765c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
100865c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
100965c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
101065c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
101165c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
101265c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xac1e0fca7ad3c900 C=ES, O=IZENPE S.A., CN=Izenpe.com
101365c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
101465c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
101565c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
101665c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x6d4bbe735e24c400 C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány
101765c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
101865c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
101965c.1378: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
102065c.1378: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=50
102165c.1378: SUPR3HardenedMain: Load Runtime...
102265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
102365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
102465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
102565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
102665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
102765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
102865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
102965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
103065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
103165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
103265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
103365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
103465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
103565c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
103665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
103765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
103865c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
103965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
104065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
104165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
104265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
104365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
104465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
104565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
104665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
104765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
104865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
104965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
105065c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
105165c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
105265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
105365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
105465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
105565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
105665c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
105865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
105965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
106065c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
106165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
106265c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
106365c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
106465c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
106565c.1378: supR3HardenedDllNotificationCallback: load 00000000601d0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
106665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
106765c.1378: supR3HardenedDllNotificationCallback: load 0000000060130000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
106865c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
106965c.1378: supR3HardenedDllNotificationCallback: load 00007ffb35c50000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
107065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
107165c.1378: supR3HardenedDllNotificationCallback: load 00007ffaf3210000 LB 0x0053f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
107265c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
107365c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107465c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107565c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
107665c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
107765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
107865c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
107965c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
108065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
108165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
108265c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
108365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
108465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
108565c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
108665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
108765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
108865c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
108965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
109165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
109265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
110165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
110265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111865c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
111965c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
112065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
112165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
112265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
112365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf3210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
112465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\WINDOWS\system32\Wintrust.dll'
112565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
112665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
112765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
112865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
112965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\system32\crypt32.dll'
113065c.1378: SUPR3HardenedMain: Load TrustedMain...
113165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
113265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
113365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
113465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
113565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
113665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
113765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
113865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
113965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
114065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
114165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
114265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
114365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
114465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
114565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
114665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
114765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
114865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
114965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
115065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
115165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
115265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
115365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
115465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
115565c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
115665c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
115765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
115865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
115965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
116065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
116165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
116265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
116365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
116465c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
116565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
116665c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
116765c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
116865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
116965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
117065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
117165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
117265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
117365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
117465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
117565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
117665c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
117765c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
117865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
117965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
118065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
118165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
118265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
118365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
118465c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
118565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
118665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
118765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
118865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
118965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
119065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
119165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
119265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
119365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
119465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
119565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
119665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
119765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
119865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
119965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
120065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
120165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
120265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
120365c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
120465c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
120565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
120665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
120765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
120865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
120965c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
121065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
121165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
121265c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
121365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
121465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
121565c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
121665c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
121765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
121865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
121965c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
122065c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
122165c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
122265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
122365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
122465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
122565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
122665c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
122765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
122865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
122965c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
123065c.1378: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
123165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
123265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
123365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
123465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
123565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
123665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
123765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
123865c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
123965c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
124065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
124165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
124265c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
124365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
124465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
124565c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
124665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
124765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
124865c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
124965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
125065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
125165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
125265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
125365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
125465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
125565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
125665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
125765c.1378: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
125865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
125965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
126065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
126165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
126265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
126365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
126465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
126565c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
126665c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
126765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
126865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
126965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
127065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
127165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
127265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
127365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
127465c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
127565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
127665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
127765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
127865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
127965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
128065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
128165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
128265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
128365c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
128465c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
128565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
128665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
128765c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
128865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
128965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
129065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
129165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
129265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
129365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
129465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
129565c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
129665c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
129765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
129865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
129965c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
130065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
130165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
130265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
130365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
130465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
130565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
130665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
130765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
130865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
130965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
131065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
131165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
131265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
131365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
131465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
131565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
131665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
131765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
131865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
131965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
132065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
132165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
132265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
132365c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
132465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
132565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
132665c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
132765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
132865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
132965c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
133065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
133165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
133265c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
133365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
133465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
133565c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
133665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
133765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
133865c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
133965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
134065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
134165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
134265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
134365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
134465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
134565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
134665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
134765c.1378: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
134865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
134965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
135065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
135165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
135265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
135365c.1378: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
135465c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
135565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
135665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
135765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
135865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
135965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
136065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
136165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
136265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
136365c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
136465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
136565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
136665c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
136765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
136865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
136965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
137065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
137165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
137265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
137365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
137465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
137565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
137665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
137765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
137865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
137965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
138065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
138165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
138265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
138365c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
138465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
138565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
138665c.1378: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
138765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
138865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
138965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
139065c.1378: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
139165c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
139265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
139365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
139465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
139565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
139665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
139765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
139865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
139965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
140065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
140165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
140265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
140365c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
140465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
140565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
140665c.1378: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
140765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
140865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
140965c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
141065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
141165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
141265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
141365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
141465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
141565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
141665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
141765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
141865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
141965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
142065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
142165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
142265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
142365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
142465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
142565c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
142665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
142765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
142865c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
142965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
143065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
143165c.1378: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
143265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
143365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
143465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
143565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
143665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
143765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
143865c.1378: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
143965c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
144065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
144165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
144265c.1378: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
144365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
144465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
144565c.1378: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
144665c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
144765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
144865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
144965c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
145065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
145165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
145265c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
145365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
145465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
145565c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
145665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
145765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
145865c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
145965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
146065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
146165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
146265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
146365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
146465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
146565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
146665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
146765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
146865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
146965c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
147065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
147165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
147265c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
147365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
147465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
147565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
147665c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
147765c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
147865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
147965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
148065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
148165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
148265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
148365c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
148465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
148565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
148665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
148765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
148865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
148965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
149065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
149165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
149265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
149365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
149465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
149565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
149665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
149765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
149865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
149965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
150065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
150165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
150265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
150365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
150465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
150565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
150665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
150765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
150865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
150965c.1378: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
151065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
151165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
151265c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
151365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
151465c.1378: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
151565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
151665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
151765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
151865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
151965c.1378: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
152065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
152165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
152265c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
152365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
152465c.1378: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
152565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
152665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
152765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
152865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
152965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
153065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
153165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
153265c.1378: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
153365c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
153465c.1378: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
153565c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
153665c.1378: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
153765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
153865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
153965c.1378: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
154065c.1378: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
154165c.1378: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
154265c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
154365c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
154465c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
154565c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
154665c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
154765c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
154865c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
154965c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
155065c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
155165c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
155265c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
155365c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
155465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
155565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
155665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
155765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll)
155865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll
155965c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
156065c.1378: supR3HardenedDllNotificationCallback: load 00007ffb33830000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
156165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
156265c.1378: supR3HardenedDllNotificationCallback: load 00007ffb32d40000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
156365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
156465c.1378: supR3HardenedDllNotificationCallback: load 00007ffb33850000 LB 0x00188000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
156565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
156665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
156765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
156865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
156965c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
157065c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
157165c.1378: supR3HardenedDllNotificationCallback: load 00007ffb35380000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
157265c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
157365c.1378: supR3HardenedDllNotificationCallback: load 00007ffb35230000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
157465c.1378: supR3HardenedDllNotificationCallback: load 00007ffb19c70000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
157565c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
157665c.1378: supR3HardenedDllNotificationCallback: load 00007ffb22e00000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
157765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
157865c.1378: supR3HardenedDllNotificationCallback: load 00007ffb339e0000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
157965c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
158065c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
158165c.1378: supR3HardenedDllNotificationCallback: load 00007ffb35460000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
158265c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
158365c.1378: supR3HardenedDllNotificationCallback: load 00007ffb36420000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
158465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
158565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
158665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
158765c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
158865c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
158965c.1378: supR3HardenedDllNotificationCallback: load 00007ffb35cc0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
159065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
159165c.1378: supR3HardenedDllNotificationCallback: load 00007ffb32960000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
159265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
159365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
159465c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
159565c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
159665c.1378: supR3HardenedDllNotificationCallback: load 00007ffb329a0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
159765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
159865c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
159965c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
160065c.1378: supR3HardenedDllNotificationCallback: load 00007ffb33130000 LB 0x006f3000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
160165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
160265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
160365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
160465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
160565c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
160665c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
160765c.1378: supR3HardenedDllNotificationCallback: load 00007ffb33a30000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
160865c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
160965c.1378: supR3HardenedDllNotificationCallback: load 00007ffb36220000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
161065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
161165c.1378: supR3HardenedDllNotificationCallback: load 00007ffb18850000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
161265c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
161365c.1378: supR3HardenedDllNotificationCallback: load 000000005fbc0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
161465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
161565c.1378: supR3HardenedDllNotificationCallback: load 00007ffaf2320000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
161665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
161765c.1378: supR3HardenedDllNotificationCallback: load 000000005f5f0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
161865c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
161965c.1378: supR3HardenedDllNotificationCallback: load 00007ffb2ca30000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
162065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
162165c.1378: supR3HardenedDllNotificationCallback: load 00007ffb2ab40000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\COMCTL32.dll [fFlags=0x0]
162265c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll [avoiding WinVerifyTrust]
162365c.1378: supR3HardenedDllNotificationCallback: load 00007ffb350c0000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
162465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
162565c.1378: supR3HardenedDllNotificationCallback: load 00007ffb02250000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
162665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
162765c.1378: supR3HardenedDllNotificationCallback: load 000000005fb60000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
162865c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
162965c.1378: supR3HardenedDllNotificationCallback: load 00007ffb35d20000 LB 0x000c0000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
163065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
163165c.1378: supR3HardenedDllNotificationCallback: load 00007ffb30a30000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
163265c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
163365c.1378: supR3HardenedDllNotificationCallback: load 00007ffb30d20000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
163465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
163565c.1378: supR3HardenedDllNotificationCallback: load 00007ffaf2920000 LB 0x008eb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
163665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
163765c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
163865c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
163965c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
164065c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
164165c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
164265c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
164365c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
164465c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
164565c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
164665c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
164765c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
164865c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
164965c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll'.
165065c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll' [rescheduled]
165165c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
165265c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
165365c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
165465c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
165565c.1378: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
165665c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
165765c.1378: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
165865c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
165965c.1378: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
166065c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
166165c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
166265c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
166365c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
166465c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
166565c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
166665c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
166765c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
166865c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
166965c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
167065c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
167165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
167265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
167365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
167465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
167565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
167665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
167765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
167865c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
167965c.1378: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
168065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
168165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
168265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
168365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
168465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
168565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
168665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
168765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
168865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
168965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
169065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
169165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
169265c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
169365c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
169465c.1378: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
169565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
169665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
169765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
169865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
169965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
170065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
170165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
170265c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
170365c.1378: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
170465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
170565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
170665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
170765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
170865c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
170965c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
171065c.1378: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
171165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
171265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
171365c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
171465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
171565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
171665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
171765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
171865c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
171965c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
172065c.1378: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
172165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
172265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
172365c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
172465c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
172565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb34e70000 'C:\WINDOWS\System32\kernel32.dll'
172665c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
172765c.1378: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
172865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-string-l1-1-0'
172965c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
173065c.1378: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
173165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-datetime-l1-1-1'
173265c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
173365c.1378: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
173465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-localization-obsolete-l1-2-0'
173565c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
173665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
173765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
173865c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
173965c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
174065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
174165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
174265c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
174365c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
174465c.1378: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
174565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
174665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
174765c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
174865c.1378: supR3HardenedDllNotificationCallback: load 00007ffb35760000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
174965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
175065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35760000 'C:\WINDOWS\system32\IMM32.DLL'
175165c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
175265c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
175365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
175465c.1378: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
175565c.1378: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
175665c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
175765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35760000 'C:\WINDOWS\System32\imm32.dll'
175865c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
175965c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
176065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35790000 'C:\WINDOWS\System32\ADVAPI32.DLL'
176165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf2920000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
176265c.1378: SUPR3HardenedMain: Calling TrustedMain (00007ffaf2921610)...
176365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
176465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
176565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
176665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
176765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
176865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
176965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
177065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
177165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
177265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
177365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
177465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
177565c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
177665c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
177765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
177865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
177965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
178065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
178165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
178265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
178365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
178465c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
178565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
178665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
178765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
178865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
178965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
179065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
179165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
179265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
179365c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
179465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
179565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
179665c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
179765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
179865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
179965c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
180065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
180165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
180265c.1378: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
180365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
180465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
180565c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
180665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
180765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
180865c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
180965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
181065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
181165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
181265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
181365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
181465c.1378: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
181565c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
181665c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
181765c.1378: supR3HardenedDllNotificationCallback: load 00007ffb02120000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
181865c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
181965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02120000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
182065c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000634 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
182165c.1378: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
182265c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
182365c.1378: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
182465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
182565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
182665c.1378: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
182765c.1378: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
182865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
182965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
183065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
183165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
183265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
183365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
183465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
183565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
183665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
183765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
183865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
183965c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
184065c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
184165c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
184265c.1378: supR3HardenedDllNotificationCallback: load 00007ffb31160000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
184365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
184465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31160000 'C:\WINDOWS\system32\uxtheme.dll'
184565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35230000 'C:\WINDOWS\system32\user32.dll'
184665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
184765c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
184865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
184965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
185065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
185165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
185265c.1378: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
185365c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
185465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36420000 'C:\WINDOWS\system32\SHCore.dll'
185565c.1378: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
185665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
185765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
185865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
185965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
186065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
186165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
186265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
186365c.1378: supR3HardenedDllNotificationCallback: load 00007ffb2f810000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
186465c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
186565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
186665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
186765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
186865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
186965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
187065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
187165c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
187265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
187365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
187465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
187565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
187665c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
187765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
187865c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
187965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\system32\winmm.dll'
188065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
188165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
188265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\system32\winmm.dll'
188365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
188465c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
188565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
188665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
188765c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
188865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31160000 'C:\WINDOWS\system32\uxtheme.dll'
188965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
189065c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
189165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35790000 'C:\WINDOWS\system32\advapi32.dll'
189265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
189365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
189465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
189565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
189665c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
189765c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
189865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
189965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
190065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
190165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
190265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
190365c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
190465c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
190565c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
190665c.1378: supR3HardenedDllNotificationCallback: load 00007ffb32840000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
190765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
190865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32840000 'C:\WINDOWS\system32\userenv.dll'
190965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
191065c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
191165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb34e70000 'C:\WINDOWS\System32\kernel32.dll'
191265c.1378: supR3HardenedDllNotificationCallback: load 00007ffb36370000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
191365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
191465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
191565c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
191665c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
191765c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
191865c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
191965c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
192065c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
192165c.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
192265c.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
192365c.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
192465c.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
192565c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
192665c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
192765c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
192865c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
192965c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
193065c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
193165c.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
193265c.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
193365c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
193465c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
193565c.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
193665c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
193765c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
193865c.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
193965c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
194065c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
194165c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
194265c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
194365c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
194465c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
194565c.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
194665c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
194765c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
194865c.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
194965c.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
195065c.2974: supR3HardenedDllNotificationCallback: load 00007ffaf1e20000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
195165c.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
195265c.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf1e20000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
195365c.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
195465c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
195565c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
195665c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
195765c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
195865c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
195965c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
196065c.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
196165c.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
196265c.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
196365c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
196465c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
196565c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
196665c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
196765c.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
196865c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
196965c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
197065c.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
197165c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
197265c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
197365c.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
197465c.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
197565c.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
197665c.2974: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
197765c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
197865c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
197965c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
198065c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
198165c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
198265c.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
198365c.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
198465c.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
198565c.2974: supR3HardenedDllNotificationCallback: load 00007ffb008e0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
198665c.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
198765c.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb008e0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
198865c.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
198965c.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
199065c.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35d20000 'C:\WINDOWS\system32\oleaut32.dll'
199165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
199265c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
199365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35380000 'C:\WINDOWS\system32\gdi32.dll'
199465c.2984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
199565c.2984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
199665c.2984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
199765c.2984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
199865c.2984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
199965c.2984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
200065c.2984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
200165c.2984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
200265c.2984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
200365c.2984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
200465c.2984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
200565c.2984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
200665c.2984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
200765c.2984: supR3HardenedDllNotificationCallback: load 00007ffb1d1b0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
200865c.2984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
200965c.2984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1d1b0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
201065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
201165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
201265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35d20000 'C:\Windows\System32\oleaut32.dll'
201365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
201465c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
201565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
201665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
201765c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
201865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
201965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
202065c.1378: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
202165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) WinVerifyTrust
202265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
202365c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
202465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb364d0000 'C:\WINDOWS\System32\ntdll.dll'
202565c.1378: supR3HardenedDllNotificationCallback: load 00007ffb358e0000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
202665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
202765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
202865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
202965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
203065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
203165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
203265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
203365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
203465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
203565c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
203665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
203765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
203865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
203965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
204065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
204165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
204265c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
204365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
204465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
204565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
204665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
204765c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
204865c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a1c pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
204965c.1378: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
205065c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
205165c.1378: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
205265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
205365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
205465c.1378: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
205565c.1378: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
205665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
205765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
205865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
205965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
206065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
206165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
206265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
206365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
206465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
206565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
206665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
206765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
206865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
206965c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
207065c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
207165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
207265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
207365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
207465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
207565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
207665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
207765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
207865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
207965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
208065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
208165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
208265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
208365c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
208465c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
208565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
208665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
208765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
208865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
208965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
209065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
209165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
209265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
209365c.1378: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
209465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
209565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
209665c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
209765c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
209865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
209965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
210065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
210165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
210265c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
210365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
210465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
210565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
210665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
210765c.1378: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
210865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
210965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
211065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
211165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
211265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
211365c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
211465c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
211565c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
211665c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
211765c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
211865c.1378: supR3HardenedDllNotificationCallback: load 00007ffb317b0000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
211965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
212065c.1378: supR3HardenedDllNotificationCallback: load 00007ffb2f990000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
212165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
212265c.1378: supR3HardenedDllNotificationCallback: load 00007ffb308d0000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
212365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
212465c.1378: supR3HardenedDllNotificationCallback: load 00007ffb13160000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
212565c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
212665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb13160000 'C:\WINDOWS\system32\dataexchange.dll'
212765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
212865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
212965c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
213065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
213165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
213265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
213365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
213465c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
213565c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
213665c.1378: supR3HardenedDllNotificationCallback: load 00007ffb31230000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
213765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
213865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
213965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
214065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
214165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
214265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
214365c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
214465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
214565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
214665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
214765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
214865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
214965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
215065c.1378: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
215165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
215265c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
215365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb358e0000 'C:\WINDOWS\System32\MSCTF.dll'
215465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
215565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
215665c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
215765c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
215865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36220000 'C:\WINDOWS\System32\ole32.dll'
215965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
216065c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
216165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35d20000 'C:\WINDOWS\System32\OLEAUT32.dll'
216265c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a8c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
216365c.1378: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
216465c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
216565c.1378: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
216665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
216765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
216865c.1378: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
216965c.1378: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
217065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
217165c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
217265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
217365c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
217465c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
217565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
217665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
217765c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
217865c.1378: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
217965c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
218065c.1378: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
218165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
218265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
218365c.1378: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
218465c.1378: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
218565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
218665c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
218765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
218865c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
218965c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
219065c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
219165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
219265c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
219365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
219465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
219565c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
219665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
219765c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
219865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
219965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
220065c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
220165c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
220265c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
220365c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
220465c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
220565c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
220665c.1378: supR3HardenedDllNotificationCallback: load 00007ffb23860000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
220765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
220865c.1378: supR3HardenedDllNotificationCallback: load 00007ffb216f0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
220965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
221065c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
221165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
221265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
221365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb216f0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
221465c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
221565c.1378: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
221665c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
221765c.1378: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
221865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
221965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
222065c.1378: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
222165c.1378: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
222265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
222365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
222465c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
222565c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
222665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
222765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
222865c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
222965c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
223065c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
223165c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
223265c.1378: supR3HardenedDllNotificationCallback: load 00007ffb20a70000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
223365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
223465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20a70000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
223565c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
223665c.1378: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
223765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-localization-l1-2-0.dll'
223865c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
223965c.1378: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
224065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
224165c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
224265c.1378: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
224365c.1378: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
224465c.1378: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
224565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
224665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
224765c.1378: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
224865c.1378: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
224965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
225065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
225165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
225265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
225365c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
225465c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
225565c.1378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
225665c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
225765c.1378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
225865c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
225965c.1378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
226065c.1378: supR3HardenedDllNotificationCallback: load 00007ffb20430000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
226165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
226265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20430000 'C:\WINDOWS\system32\wbem\fastprox.dll'
226365c.15d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
226465c.15d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
226565c.15d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
226665c.15d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
226765c.15d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
226865c.15d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
226965c.15d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
227065c.15d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
227165c.15d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
227265c.15d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
227365c.15d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
227465c.15d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
227565c.15d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
227665c.15d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
227765c.15d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
227865c.15d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
227965c.15d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
228065c.15d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
228165c.15d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
228265c.15d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
228365c.15d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
228465c.15d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
228565c.15d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
228665c.15d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
228765c.15d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
228865c.15d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
228965c.15d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
229065c.15d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
229165c.15d8: supR3HardenedDllNotificationCallback: load 000000005f4e0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
229265c.15d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
229365c.15d8: supR3HardenedDllNotificationCallback: load 00007ffaff700000 LB 0x002be000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
229465c.15d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
229565c.15d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaff700000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
229665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
229765c.16ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
229865c.16ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
229965c.16ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
230065c.16ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
230165c.16ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
230265c.16ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
230365c.16ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
230465c.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
230565c.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
230665c.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
230765c.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
230865c.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
230965c.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
231065c.16ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
231165c.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
231265c.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
231365c.16ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
231465c.16ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
231565c.16ec: supR3HardenedDllNotificationCallback: load 00007ffb1bb50000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
231665c.16ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
231765c.16ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1bb50000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
231865c.16ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35230000 'C:\WINDOWS\system32\User32.dll'
231965c.2f2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
232065c.2f2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
232165c.2f2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
232265c.2f2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
232365c.2f2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
232465c.2f2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
232565c.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
232665c.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
232765c.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
232865c.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
232965c.2f2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
233065c.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
233165c.2f2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
233265c.2f2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
233365c.2f2c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
233465c.2f2c: supR3HardenedDllNotificationCallback: load 00007ffb1a6a0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
233565c.2f2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
233665c.2f2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1a6a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
233765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
233865c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
233965c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
234065c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
234165c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
234265c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
234365c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
234465c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
234565c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
234665c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
234765c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
234865c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
234965c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
235065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
235165c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
235265c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
235365c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
235465c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
235565c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
235665c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
235765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
235865c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
235965c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
236065c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
236165c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
236265c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
236365c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
236465c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
236565c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
236665c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
236765c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
236865c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
236965c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
237065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
237165c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
237265c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
237365c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
237465c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
237565c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
237665c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
237765c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
237865c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
237965c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
238065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
238165c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
238265c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
238365c.10e4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'.
238465c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
238565c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
238665c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
238765c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
238865c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)
238965c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
239065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
239165c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
239265c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
239365c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
239465c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
239565c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
239665c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
239765c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
239865c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
239965c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
240065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
240165c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
240265c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
240365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
240465c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
240565c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
240665c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
240765c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
240865c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
240965c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
241065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
241165c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
241265c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
241365c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
241465c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
241565c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
241665c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
241765c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
241865c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
241965c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
242065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
242165c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
242265c.10e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
242365c.10e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
242465c.10e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
242565c.10e4: supR3HardenedDllNotificationCallback: load 00007ffb19070000 LB 0x0002f000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
242665c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
242765c.10e4: supR3HardenedDllNotificationCallback: load 00007ffb117f0000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
242865c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
242965c.10e4: supR3HardenedDllNotificationCallback: load 00007ffb02320000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
243065c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
243165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02320000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
243265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
243365c.10e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'
243465c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
243565c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
243665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb117f0000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
243765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
243865c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
243965c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
244065c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
244165c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
244265c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
244365c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
244465c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
244565c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
244665c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
244765c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
244865c.10e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
244965c.10e4: supR3HardenedDllNotificationCallback: load 00007ffb13590000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
245065c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
245165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb13590000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
245265c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
245365c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
245465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\system32/opengl32.dll'
245565c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
245665c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
245765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
245865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35380000 'C:\WINDOWS\System32\gdi32.dll'
245965c.10e4: \Device\HarddiskVolume2\Windows\System32\nvoglv64.dll: Owner is administrators group.
246065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
246165c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
246265c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
246365c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
246465c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
246565c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
246665c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wtsapi32.dll'.
246765c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'version.dll'.
246865c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nvoglv64.dll) WinVerifyTrust
246965c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nvoglv64.dll
247065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
247165c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
247265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
247365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
247465c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
247565c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
247665c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
247765c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
247865c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
247965c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
248065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
248165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
248265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
248365c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
248465c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust
248565c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
248665c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
248765c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
248865c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
248965c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
249065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
249165c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
249265c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
249365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
249465c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
249565c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
249665c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
249765c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
249865c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
249965c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
250065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
250165c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
250265c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
250365c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
250465c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
250565c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
250665c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
250765c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
250865c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
250965c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
251065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
251165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
251265c.10e4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
251365c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
251465c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
251565c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
251665c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
251765c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
251865c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\nvoglv64.dll (Input=nvoglv64, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
251965c.10e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvoglv64.dll
252065c.10e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
252165c.10e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
252265c.10e4: supR3HardenedDllNotificationCallback: load 00007ffb35de0000 LB 0x0043b000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
252365c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
252465c.10e4: supR3HardenedDllNotificationCallback: load 00007ffb2f500000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
252565c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
252665c.10e4: supR3HardenedDllNotificationCallback: load 00007ffb2da10000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
252765c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
252865c.10e4: supR3HardenedDllNotificationCallback: load 000000005d260000 LB 0x0227c000 C:\WINDOWS\System32\nvoglv64.dll [fFlags=0x0]
252965c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvoglv64.dll
253065c.10e4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
253165c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
253265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-synch-l1-2-0'
253365c.10e4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
253465c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
253565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-fibers-l1-1-1'
253665c.10e4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
253765c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
253865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-synch-l1-2-0'
253965c.10e4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
254065c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
254165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-fibers-l1-1-1'
254265c.10e4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
254365c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
254465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32de0000 'api-ms-win-core-localization-l1-2-1'
254565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35790000 'C:\WINDOWS\system32\Advapi32.dll'
254665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35380000 'C:\WINDOWS\system32\gdi32.dll'
254765c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'.
254865c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
254965c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
255065c.10e4: supR3HardenedDllNotificationCallback: load 00007ffb314c0000 LB 0x00028000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
255165c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
255265c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
255365c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
255465c.10e4: supR3HardenedDllNotificationCallback: load 00007ffb31ca0000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
255565c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
255665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000000005d260000 'C:\WINDOWS\System32\nvoglv64.dll'
255765c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
255865c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
255965c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
256065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
256165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
256265c.10e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
256365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
256465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
256565c.10e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
256665c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
256765c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
256865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\system32\opengl32.dll'
256965c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
257065c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
257165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb2f810000 'C:\WINDOWS\system32\dwmapi.dll'
257265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\Shell32.dll'
257365c.10e4: \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll: Owner is administrators group.
257465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
257565c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
257665c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
257765c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
257865c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
257965c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
258065c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'setupapi.dll'.
258165c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'psapi.dll'.
258265c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'winhttp.dll'.
258365c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'wtsapi32.dll'.
258465c.10e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'shlwapi.dll'.
258565c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nvspcap64.dll) WinVerifyTrust
258665c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll
258765c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
258865c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
258965c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
259065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
259165c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
259265c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
259365c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winhttp.dll'...
259465c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winhttp.dll' -> '\Device\HarddiskVolume2\Windows\System32\winhttp.dll' [rcNtRedir=0xc0150008]
259565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
259665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
259765c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winhttp.dll) WinVerifyTrust
259865c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winhttp.dll
259965c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
260065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
260165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
260265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
260365c.10e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
260465c.10e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
260565c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
260665c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
260765c.10e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
260865c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
260965c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
261065c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
261165c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
261265c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
261365c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
261465c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
261565c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
261665c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
261765c.10e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
261865c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\nvspcap64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
261965c.10e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll
262065c.10e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winhttp.dll
262165c.10e4: supR3HardenedDllNotificationCallback: load 00007ffb34f20000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [fFlags=0x0]
262265c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
262365c.10e4: supR3HardenedDllNotificationCallback: load 00007ffb2ad30000 LB 0x000d7000 C:\WINDOWS\SYSTEM32\WINHTTP.dll [fFlags=0x0]
262465c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winhttp.dll
262565c.10e4: supR3HardenedDllNotificationCallback: load 00007ffb25740000 LB 0x001dc000 C:\WINDOWS\system32\nvspcap64.dll [fFlags=0x0]
262665c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll
262765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25740000 'C:\WINDOWS\system32\nvspcap64.dll'
262865c.2f00: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-1) -> 0x0, fPresent=1
262965c.2f00: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
263065c.2f00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32960000 'api-ms-win-appmodel-runtime-l1-1-1'
263165c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
263265c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
263365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
263465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
263565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
263665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
263765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
263865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
263965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
264065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
264165c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
264265c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
264365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
264465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
264565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
264665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
264765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
264865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
264965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
265065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
265165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
265265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
265365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
265465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
265565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
265665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
265765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
265865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
265965c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
266065c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
266165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
266265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
266365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
266465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
266565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
266665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
266765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
266865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
266965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
267065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
267165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
267265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
267365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
267465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
267565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
267665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
267765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
267865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
267965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
268065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
268165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
268265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
268365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
268465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
268565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
268665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
268765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
268865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
268965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
269065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
269165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
269265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
269365c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
269465c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
269565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
269665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
269765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
269865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
269965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
270065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
270165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
270265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
270365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
270465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
270565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
270665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
270765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
270865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
270965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
271065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
271165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
271265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
271365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
271465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
271565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
271665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
271765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
271865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
271965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
272065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
272165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
272265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
272365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
272465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
272565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
272665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
272765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
272865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
272965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
273065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
273165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
273265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
273365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
273465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
273565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
273665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
273765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
273865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
273965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
274065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
274165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
274265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
274365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
274465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
274565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
274665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
274765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
274865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
274965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
275065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
275165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
275265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
275365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
275465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
275565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
275665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
275765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
275865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
275965c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
276065c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
276165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
276265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
276365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
276465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
276565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
276665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
276765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
276865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
276965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
277065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
277165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
277265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
277365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
277465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
277565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
277665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
277765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
277865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
277965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
278065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
278165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
278265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
278365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
278465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
278565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
278665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
278765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
278865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
278965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
279065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
279165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
279265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
279365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
279465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
279565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
279665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
279765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
279865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
279965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
280065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
280165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
280265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
280365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
280465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
280565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
280665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
280765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
280865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
280965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
281065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
281165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
281265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
281365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
281465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
281565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
281665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
281765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
281865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
281965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
282065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
282165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
282265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
282365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
282465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
282565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
282665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
282765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
282865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
282965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
283065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
283165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
283265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
283365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
283465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
283565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
283665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
283765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
283865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
283965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
284065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
284165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
284265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
284365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
284465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
284565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
284665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
284765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
284865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
284965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
285065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
285165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
285265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
285365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
285465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
285565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
285665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
285765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
285865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
285965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
286065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
286165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
286265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
286365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
286465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
286565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
286665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
286765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
286865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
286965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
287065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
287165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
287265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
287365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
287465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
287565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
287665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
287765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
287865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
287965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
288065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
288165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
288265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
288365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
288465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
288565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
288665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
288765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
288865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
288965c.10e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
289065c.10e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
289165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
289265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
289365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
289465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
289565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
289665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
289765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
289865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
289965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
290065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
290165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
290265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
290365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
290465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
290565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
290665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
290765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
290865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
290965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
291065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
291165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
291265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
291365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
291465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
291565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
291665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
291765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
291865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
291965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
292065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
292165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
292265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
292365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
292465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
292565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
292665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
292765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
292865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
292965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
293065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
293165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
293265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
293365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
293465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
293565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
293665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
293765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
293865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
293965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
294065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
294165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
294265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
294365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
294465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
294565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
294665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
294765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
294865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
294965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
295065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
295165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
295265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
295365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
295465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
295565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
295665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
295765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
295865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
295965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
296065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
296165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
296265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
296365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
296465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
296565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
296665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
296765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
296865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
296965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
297065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
297165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
297265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
297365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
297465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
297565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
297665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
297765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
297865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
297965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
298065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
298165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
298265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
298365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
298465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
298565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
298665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
298765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
298865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
298965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
299065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
299165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
299265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
299365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
299465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
299565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
299665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
299765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
299865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
299965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
300065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
300165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
300265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
300365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
300465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
300565c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
300665c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
300765c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
300865c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
300965c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
301065c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
301165c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
301265c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
301365c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
301465c.10e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
301565c.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
301665c.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
301765c.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22e00000 'C:\WINDOWS\System32\OPENGL32.dll'
301865c.2f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
301965c.2f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winsta.dll)
302065c.2f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winsta.dll
302165c.2f10: supR3HardenedDllNotificationCallback: load 00007ffb31aa0000 LB 0x00055000 C:\WINDOWS\SYSTEM32\WINSTA.dll [fFlags=0x0]
302265c.2f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll [avoiding WinVerifyTrust]
302365c.2f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
302465c.2f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
302565c.2f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
302665c.2f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
302765c.2f10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winsta.dll'
302865c.2f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll
302965c.2f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
303065c.2f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb364d0000 'C:\WINDOWS\System32\ntdll.dll'
303165c.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
303265c.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
303365c.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
303465c.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
303565c.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
303665c.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
303765c.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
303865c.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
303965c.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
304065c.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
304165c.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
304265c.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
304365c.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
304465c.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
304565c.28b4: supR3HardenedDllNotificationCallback: load 00007ffb1a300000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
304665c.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
304765c.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1a300000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
304865c.164c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
304965c.164c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
305065c.164c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
305165c.164c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
305265c.164c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
305365c.164c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
305465c.164c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
305565c.164c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
305665c.164c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
305765c.164c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
305865c.164c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
305965c.164c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
306065c.164c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
306165c.164c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
306265c.164c: supR3HardenedDllNotificationCallback: load 00007ffb1a2d0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
306365c.164c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
306465c.164c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1a2d0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
306565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\Shell32.dll'
306665c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
306765c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
306865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaff700000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
306965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
307065c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
307165c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
307265c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
307365c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
307465c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
307565c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
307665c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
307765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
307865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
307965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
308065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
308165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
308265c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
308365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
308465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
308565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
308665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
308765c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
308865c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
308965c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb022d0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
309065c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
309165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb022d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
309265c.2d60: supR3HardenedDllNotificationCallback: Unload 00007ffb022d0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
309365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
309465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
309565c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
309665c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
309765c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
309865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
309965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
310065c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
310165c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
310265c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
310365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
310465c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
310565c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
310665c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
310765c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
310865c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
310965c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
311065c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
311165c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
311265c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
311365c.1378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
311465c.1378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\usermgrcli.dll)
311565c.1378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usermgrcli.dll
311665c.1378: supR3HardenedDllNotificationCallback: load 00007ffb307e0000 LB 0x000e3000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
311765c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
311865c.1378: supR3HardenedDllNotificationCallback: load 00007ffb2e8b0000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
311965c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
312065c.1378: supR3HardenedDllNotificationCallback: load 00007ffb2f7d0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0]
312165c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\usermgrcli.dll [avoiding WinVerifyTrust]
312265c.1378: supR3HardenedDllNotificationCallback: load 00007ffb2dd80000 LB 0x002d2000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
312365c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
312465c.1378: supR3HardenedDllNotificationCallback: load 00007ffb2c6b0000 LB 0x00082000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
312565c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
312665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
312765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
312865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
312965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
313065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
313165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
313265c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
313365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
313465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
313565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
313665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
313765c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
313865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
313965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
314065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
314165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
314265c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
314365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
314465c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
314565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
314665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
314765c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
314865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
314965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
315065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
315165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
315265c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
315365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
315465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
315565c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
315665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
315765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
315865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
315965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
316065c.2d60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usermgrcli.dll'
316165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
316265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
316365c.2d60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
316465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
316565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
316665c.2d60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
316765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
316865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
316965c.2d60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
317065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
317165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
317265c.2d60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
317365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
317465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
317565c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
317665c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
317765c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
317865c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
317965c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
318065c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
318165c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
318265c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
318365c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
318465c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
318565c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
318665c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
318765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
318865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
318965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
319065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
319165c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
319265c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
319365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
319465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
319565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
319665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
319765c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
319865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
319965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
320065c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
320165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
320265c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
320365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
320465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
320565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
320665c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
320765c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
320865c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
320965c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
321065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
321165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
321265c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
321365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
321465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
321565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
321665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
321765c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
321865c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
321965c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
322065c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
322165c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
322265c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
322365c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
322465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
322565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
322665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
322765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
322865c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
322965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
323065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
323165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
323265c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
323365c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
323465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
323565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
323665c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
323765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
323865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
323965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
324065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
324165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
324265c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
324365c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
324465c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
324565c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
324665c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
324765c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
324865c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb020c0000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
324965c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
325065c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb022c0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
325165c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
325265c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb31ff0000 LB 0x00037000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
325365c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
325465c.2d60: supR3HardenedDllNotificationCallback: load 00007ffaf1460000 LB 0x009b2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
325565c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
325665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf1460000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
325765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
325865c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
325965c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
326065c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
326165c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb01c90000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
326265c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
326365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01c90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
326465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
326565c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
326665c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
326765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf1e20000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
326865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
326965c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
327065c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
327165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb022c0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
327265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
327365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
327465c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
327565c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
327665c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
327765c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
327865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
327965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
328065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
328165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
328265c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
328365c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
328465c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb10930000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
328565c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
328665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10930000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
328765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
328865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
328965c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
329065c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
329165c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
329265c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
329365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
329465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
329565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
329665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
329765c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
329865c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
329965c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb10910000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
330065c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
330165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10910000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
330265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
330365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
330465c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
330565c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
330665c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
330765c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
330865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
330965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
331065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
331165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
331265c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
331365c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
331465c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb10750000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
331565c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
331665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10750000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
331765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
331865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
331965c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
332065c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
332165c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
332265c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
332365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
332465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
332565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
332665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
332765c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
332865c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
332965c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb0c690000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
333065c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
333165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c690000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
333265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
333365c.1900: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
333465c.1900: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
333565c.1900: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
333665c.1900: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
333765c.1900: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
333865c.1900: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
333965c.1900: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
334065c.1900: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
334165c.1900: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
334265c.1900: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
334365c.1900: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
334465c.1900: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
334565c.1900: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
334665c.1900: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
334765c.1900: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
334865c.1900: supR3HardenedDllNotificationCallback: load 00007ffb19c60000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
334965c.1900: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
335065c.1900: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb19c60000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
335165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaff700000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
335265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
335365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
335465c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
335565c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
335665c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
335765c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
335865c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
335965c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
336065c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
336165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
336265c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
336365c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
336465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
336565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
336665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
336765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
336865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
336965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
337065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
337165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
337265c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
337365c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
337465c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
337565c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb02430000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
337665c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
337765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02430000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
337865c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
337965c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
338065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31ff0000 'C:\WINDOWS\system32\Iphlpapi.dll'
338165c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
338265c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
338365c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
338465c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
338565c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb36410000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
338665c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
338765c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
338865c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb2dc80000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
338965c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
339065c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
339165c.2d60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
339265c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
339365c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb2dc60000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
339465c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
339565c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
339665c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
339765c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
339865c.2d60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
339965c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
340065c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb2dc40000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
340165c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
340265c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001010 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
340365c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
340465c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
340565c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD77C0B8420B1E0725E0BAACB8F1F2821C7C9053
340665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
340765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
340865c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
340965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
341065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
341165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
341265c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
341365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
341465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
341565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
341665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
341765c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
341865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
341965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
342065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
342165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
342265c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
342365c.2d60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
342465c.2d60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
342565c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001004 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
342665c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
342765c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
342865c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0462C999B5398941A444B13399F1AFCF2D9BD7ED
342965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
343065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
343165c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
343265c.2d60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
343365c.2d60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
343465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
343565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
343665c.2d60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
343765c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
343865c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
343965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
344065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
344165c.2d60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
344265c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010c4 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
344365c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
344465c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
344565c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAF92974128C211D90A77B3D2A8F3BAD364910A5
344665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
344765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
344865c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
344965c.2d60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
345065c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
345165c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'winmm.dll'.
345265c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
345365c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
345465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
345565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
345665c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
345765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
345865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
345965c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
346065c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
346165c.2d60: supR3HardenedDllNotificationCallback: load 00007ffaff2c0000 LB 0x0008c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
346265c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
346365c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
346465c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
346565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaff2c0000 'C:\WINDOWS\System32\dsound.dll'
346665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaff2c0000 'C:\WINDOWS\System32\dsound.dll'
346765c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
346865c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
346965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaff2c0000 'C:\WINDOWS\system32\dsound.dll'
347065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
347165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
347265c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
347365c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
347465c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'.
347565c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
347665c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
347765c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
347865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
347965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
348065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
348165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
348265c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
348365c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
348465c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
348565c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
348665c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
348765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
348865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
348965c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
349065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
349165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
349265c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
349365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
349465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
349565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
349665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
349765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
349865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
349965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
350065c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
350165c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
350265c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
350365c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb2f570000 LB 0x00196000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
350465c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
350565c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb2a400000 LB 0x00067000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
350665c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
350765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb2a400000 'C:\WINDOWS\System32\MMDevApi.dll'
350865c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
350965c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
351065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb2a400000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
351165c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
351265c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
351365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
351465c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001128 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
351565c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
351665c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
351765c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70FC7883505DC83E14C72C8984C7562A04A6C6F0
351865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
351965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
352065c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1070_for_KB4034674~31bf3856ad364e35~amd64~~10.0.1.10.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
352165c.2d60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
352265c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
352365c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
352465c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'ksuser.dll'.
352565c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'avrt.dll'.
352665c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
352765c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
352865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
352965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
353065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
353165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
353265c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
353365c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
353465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
353565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
353665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
353765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
353865c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
353965c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
354065c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
354165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
354265c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
354365c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
354465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
354565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
354665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
354765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
354865c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
354965c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
355065c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
355165c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
355265c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb16f60000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
355365c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
355465c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb2ea00000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
355565c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
355665c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb10790000 LB 0x00041000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
355765c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
355865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
355965c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
356065c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
356165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
356265c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
356365c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
356465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
356565c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
356665c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
356765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
356865c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
356965c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
357065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
357165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
357265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
357365c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
357465c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
357565c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
357665c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'mmdevapi.dll'.
357765c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'avrt.dll'.
357865c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
357965c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
358065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
358165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
358265c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
358365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
358465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
358565c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
358665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
358765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
358865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
358965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
359065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
359165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
359265c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
359365c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
359465c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
359565c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb2b350000 LB 0x00105000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
359665c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
359765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb2b350000 'C:\WINDOWS\System32\AUDIOSES.DLL'
359865c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
359965c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
360065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
360165c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
360265c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
360365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
360465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
360565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
360665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
360765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
360865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
360965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
361065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
361165c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
361265c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
361365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
361465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
361565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10790000 'C:\WINDOWS\System32\wdmaud.drv'
361665c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001014 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
361765c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
361865c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
361965c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=244FFD3779BB26E481FDDE1BCB7D66CB70669BE2
362065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
362165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
362265c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
362365c.2d60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
362465c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
362565c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'mmdevapi.dll'.
362665c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
362765c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmmbase.dll'.
362865c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
362965c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
363065c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
363165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
363265c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
363365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
363465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
363565c.2d60: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
363665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
363765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
363865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
363965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
364065c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
364165c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
364265c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
364365c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
364465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
364565c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
364665c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
364765c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
364865c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
364965c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
365065c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
365165c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
365265c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
365365c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb10770000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
365465c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
365565c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb162a0000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
365665c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
365765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb162a0000 'C:\WINDOWS\System32\msacm32.drv'
365865c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
365965c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
366065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb162a0000 'C:\WINDOWS\System32\msacm32.drv'
366165c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
366265c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
366365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb162a0000 'C:\WINDOWS\System32\msacm32.drv'
366465c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
366565c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
366665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb162a0000 'C:\WINDOWS\System32\msacm32.drv'
366765c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
366865c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
366965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb162a0000 'C:\WINDOWS\System32\msacm32.drv'
367065c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
367165c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
367265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb162a0000 'C:\WINDOWS\System32\msacm32.drv'
367365c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
367465c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
367565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb162a0000 'C:\WINDOWS\System32\msacm32.drv'
367665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb162a0000 'C:\WINDOWS\System32\msacm32.drv'
367765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb162a0000 'C:\WINDOWS\System32\msacm32.drv'
367865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb162a0000 'C:\WINDOWS\System32\msacm32.drv'
367965c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001108 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
368065c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
368165c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
368265c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B59112F98815E2A8A155F681ED15AB1991951589
368365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
368465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
368565c.2d60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
368665c.2d60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
368765c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
368865c.2d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
368965c.2d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
369065c.2d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
369165c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
369265c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
369365c.2d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
369465c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
369565c.2d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
369665c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
369765c.2d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
369865c.2d60: supR3HardenedDllNotificationCallback: load 00007ffb15f20000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
369965c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
370065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb15f20000 'C:\WINDOWS\System32\midimap.dll'
370165c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
370265c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
370365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb15f20000 'C:\WINDOWS\System32\midimap.dll'
370465c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
370565c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
370665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb15f20000 'C:\WINDOWS\System32\midimap.dll'
370765c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
370865c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
370965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb15f20000 'C:\WINDOWS\System32\midimap.dll'
371065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
371165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
371265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
371365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
371465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
371565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
371665c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
371765c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
371865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaff2c0000 'C:\WINDOWS\system32\dsound.dll'
371965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
372065c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
372165c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
372265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
372365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
372465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
372565c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
372665c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
372765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaff2c0000 'C:\WINDOWS\system32\dsound.dll'
372865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
372965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
373065c.1378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
373165c.1378: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
373265c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
373365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
373465c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
373565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
373665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
373765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
373865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
373965c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33a30000 'C:\WINDOWS\system32\shell32.dll'
374065c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35d20000 'C:\WINDOWS\System32\OLEAUT32.DLL'
374165c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
374265c.1378: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
374365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35230000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
374465c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
374565c.1378: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
374665c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35230000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
374765c.1378: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
374865c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
374965c.1378: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-1.dll) -> 0x0, fPresent=1
375065c.1378: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
375165c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb35460000 'api-ms-win-core-com-l1-1-1.dll'
375265c.1378: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
375365c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
375465c.1378: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
375565c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
375665c.1378: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
375765c.1378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
375865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
375965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
376065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
376165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
376265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
376365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
376465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
376565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
376665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
376765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
376865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
376965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
377065c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
377165c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
377265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
377365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
377465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
377565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
377665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
377765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
377865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
377965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
378065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
378165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
378265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
378365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
378465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
378565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
378665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
378765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
378865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
378965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
379065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
379165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
379265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
379365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
379465c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
379565c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
379665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
379765c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
379865c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
379965c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
380065c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
380165c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
380265c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
380365c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
380465c.2d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
380565c.2d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
380665c.2d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
380765c.2ecc: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
380865c.2ecc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
380965c.2ecc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
381065c.2ecc: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000011e4 (hFile=00000000000011e0) with 0xc0000022 -> STATUS_TRUST_FAILURE
381165c.2ecc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
381265c.2ecc: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000011e0 (hFile=00000000000011e4) with 0xc0000022 -> STATUS_TRUST_FAILURE
381365c.2ecc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001390 pwszName=\Device\HarddiskVolume2\Windows\System32\tzres.dll
381465c.2ecc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001939480
381565c.2ecc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001939480
381665c.2ecc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
381765c.2ecc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\CRYPT32.dll'
381865c.2ecc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8867A3D506FE23E5881B28A9F704179D1A9B603A
381965c.2ecc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
382065c.2ecc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
382165c.2ecc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_868_for_KB4034674~31bf3856ad364e35~amd64~~10.0.1.10.cat'; file='\Device\HarddiskVolume2\Windows\System32\tzres.dll'
382265c.2ecc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
382365c.2ecc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll'
382465c.2ecc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
382565c.2ecc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
382665c.2ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'.
382765c.2ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
382865c.2ecc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
382965c.2ecc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
383065c.2ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
383165c.2ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
383265c.2ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
383365c.2ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
383465c.2ecc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
383565c.2ecc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
383665c.2ecc: supR3HardenedDllNotificationCallback: load 00007ffb32250000 LB 0x0005c000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
383765c.2ecc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
383865c.2ecc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32250000 'C:\WINDOWS\system32\mswsock.dll'
383965c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
384065c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
384165c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
384265c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
384365c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
384465c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
384565c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
384665c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
384765c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
384865c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
384965c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
385065c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
385165c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
385265c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
385365c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
385465c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
385565c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
385665c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
385765c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
385865c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
385965c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
386065c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
386165c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
386265c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
386365c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
386465c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
386565c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
386665c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
386765c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
386865c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
386965c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
387065c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
387165c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
387265c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
387365c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
387465c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
387565c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
387665c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
387765c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
387865c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
387965c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
388065c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
388165c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
388265c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
388365c.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30d20000 'C:\WINDOWS\System32\winmm.dll'
388465c.fdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
388565c.fdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32ce0000 'C:\Windows\System32\WINTRUST.DLL'
388665c.fdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\CRYPT32.dll'
388765c.fdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
388865c.fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
388965c.fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
389065c.fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'combase.dll'.
389165c.fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'shcore.dll'.
389265c.fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'win32u.dll'.
389365c.fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'textinputframework.dll'.
389465c.fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
389565c.fdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\Windows.UI.dll) WinVerifyTrust
389665c.fdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll
389765c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
389865c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
389965c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
390065c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume2\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
390165c.fdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
390265c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
390365c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
390465c.fdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
390565c.fdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31e70000 'C:\WINDOWS\system32\rsaenh.dll'
390665c.fdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a60000 'C:\WINDOWS\System32\crypt32.dll'
390765c.fdc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll'
390865c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
390965c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
391065c.fdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
391165c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
391265c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
391365c.fdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
391465c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
391565c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
391665c.fdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
391765c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
391865c.fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
391965c.fdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
392065c.fdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll
392165c.fdc: supR3HardenedDllNotificationCallback: load 00007ffb2c740000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
392265c.fdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll
392365c.fdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb2c740000 'C:\Windows\System32\Windows.UI.dll'
392465c.11d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
392565c.11d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
392665c.11d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb2ea00000 'C:\WINDOWS\System32\avrt.dll'
392765c.fdc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
392865c.fdc: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
392965c.fdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb34e70000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
39302c84.c98: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1119381 ms, the end);
3931228c.2444: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1120254 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy