VirtualBox

Ticket #17239: Ubuntu-2017-11-04-14-59-28.log

File Ubuntu-2017-11-04-14-59-28.log, 391.8 KB (added by jim_, 7 years ago)

VirtualBox logs.

Line 
1203c.18f0: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03fab00
2203c.18f0: \SystemRoot\System32\ntdll.dll:
3203c.18f0: CreationTime: 2017-09-29T13:41:43.343111100Z
4203c.18f0: LastWriteTime: 2017-09-29T13:41:43.358737200Z
5203c.18f0: ChangeTime: 2017-10-30T09:58:02.722257500Z
6203c.18f0: FileAttributes: 0x20
7203c.18f0: Size: 0x1dd100
8203c.18f0: NT Headers: 0xe0
9203c.18f0: Timestamp: 0x493793ea
10203c.18f0: Machine: 0x8664 - amd64
11203c.18f0: Timestamp: 0x493793ea
12203c.18f0: Image Version: 10.0
13203c.18f0: SizeOfImage: 0x1e0000 (1966080)
14203c.18f0: Resource Dir: 0x174000 LB 0x6a1d8
15203c.18f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16203c.18f0: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17203c.18f0: ProductName: Microsoft® Windows® Operating System
18203c.18f0: ProductVersion: 10.0.16299.15
19203c.18f0: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
20203c.18f0: FileDescription: NT Layer DLL
21203c.18f0: \SystemRoot\System32\kernel32.dll:
22203c.18f0: CreationTime: 2017-09-29T13:42:04.954227600Z
23203c.18f0: LastWriteTime: 2017-09-29T13:42:04.954227600Z
24203c.18f0: ChangeTime: 2017-10-30T09:57:47.423774500Z
25203c.18f0: FileAttributes: 0x20
26203c.18f0: Size: 0xab868
27203c.18f0: NT Headers: 0xe8
28203c.18f0: Timestamp: 0xc2cf900
29203c.18f0: Machine: 0x8664 - amd64
30203c.18f0: Timestamp: 0xc2cf900
31203c.18f0: Image Version: 10.0
32203c.18f0: SizeOfImage: 0xae000 (712704)
33203c.18f0: Resource Dir: 0xac000 LB 0x520
34203c.18f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35203c.18f0: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36203c.18f0: ProductName: Microsoft® Windows® Operating System
37203c.18f0: ProductVersion: 10.0.16299.15
38203c.18f0: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
39203c.18f0: FileDescription: Windows NT BASE API Client DLL
40203c.18f0: \SystemRoot\System32\KernelBase.dll:
41203c.18f0: CreationTime: 2017-09-29T13:41:43.124345500Z
42203c.18f0: LastWriteTime: 2017-09-29T13:41:43.124345500Z
43203c.18f0: ChangeTime: 2017-10-30T09:57:48.533345200Z
44203c.18f0: FileAttributes: 0x20
45203c.18f0: Size: 0x266000
46203c.18f0: NT Headers: 0xf0
47203c.18f0: Timestamp: 0x4736733c
48203c.18f0: Machine: 0x8664 - amd64
49203c.18f0: Timestamp: 0x4736733c
50203c.18f0: Image Version: 10.0
51203c.18f0: SizeOfImage: 0x266000 (2514944)
52203c.18f0: Resource Dir: 0x245000 LB 0x548
53203c.18f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54203c.18f0: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55203c.18f0: ProductName: Microsoft® Windows® Operating System
56203c.18f0: ProductVersion: 10.0.16299.15
57203c.18f0: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
58203c.18f0: FileDescription: Windows NT BASE API Client DLL
59203c.18f0: \SystemRoot\System32\apisetschema.dll:
60203c.18f0: CreationTime: 2017-09-29T13:42:07.095026600Z
61203c.18f0: LastWriteTime: 2017-09-29T13:42:07.095026600Z
62203c.18f0: ChangeTime: 2017-10-30T09:57:18.358199400Z
63203c.18f0: FileAttributes: 0x20
64203c.18f0: Size: 0x1b398
65203c.18f0: NT Headers: 0xc8
66203c.18f0: Timestamp: 0xf30abf31
67203c.18f0: Machine: 0x8664 - amd64
68203c.18f0: Timestamp: 0xf30abf31
69203c.18f0: Image Version: 10.0
70203c.18f0: SizeOfImage: 0x1c000 (114688)
71203c.18f0: Resource Dir: 0x1b000 LB 0x408
72203c.18f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73203c.18f0: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74203c.18f0: ProductName: Microsoft® Windows® Operating System
75203c.18f0: ProductVersion: 10.0.16299.15
76203c.18f0: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
77203c.18f0: FileDescription: ApiSet Schema DLL
78203c.18f0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79203c.18f0: supR3HardenedWinFindAdversaries: 0x0
80203c.18f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
81203c.18f0: Calling main()
82203c.18f0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
83203c.18f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
84203c.18f0: SUPR3HardenedMain: Respawn #1
85203c.18f0: System32: \Device\HarddiskVolume2\Windows\System32
86203c.18f0: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
87203c.18f0: KnownDllPath: C:\WINDOWS\System32
88203c.18f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
89203c.18f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
90203c.18f0: supR3HardNtEnableThreadCreation:
91203c.18f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff94f5191b0 pvNtTerminateThread=00007ff94f540890
92203c.18f0: supR3HardenedWinDoReSpawn(1): New child 28d0.29a0 [kernel32].
93203c.18f0: supR3HardNtChildGatherData: PebBaseAddress=00000000010c8000 cbPeb=0x388
94203c.18f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff94f4a0000 uNtDllChildAddr=00007ff94f4a0000
95203c.18f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff94f5191b0
96203c.18f0: supR3HardenedWinSetupChildInit: Start child.
97203c.18f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
98203c.18f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 31 sleeps
99203c.18f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
100203c.18f0: *0000000000000000-0000000000e4ffff 0x0001/0x0000 0x0000000
101203c.18f0: *0000000000e50000-0000000000e6ffff 0x0004/0x0004 0x0020000
102203c.18f0: *0000000000e70000-0000000000e88fff 0x0002/0x0002 0x0040000
103203c.18f0: 0000000000e89000-0000000000e8ffff 0x0001/0x0000 0x0000000
104203c.18f0: *0000000000e90000-0000000000f8afff 0x0000/0x0004 0x0020000
105203c.18f0: 0000000000f8b000-0000000000f8dfff 0x0104/0x0004 0x0020000
106203c.18f0: 0000000000f8e000-0000000000f8ffff 0x0004/0x0004 0x0020000
107203c.18f0: *0000000000f90000-0000000000f93fff 0x0002/0x0002 0x0040000
108203c.18f0: 0000000000f94000-0000000000f9ffff 0x0001/0x0000 0x0000000
109203c.18f0: *0000000000fa0000-0000000000fa0fff 0x0004/0x0004 0x0020000
110203c.18f0: 0000000000fa1000-0000000000ffffff 0x0001/0x0000 0x0000000
111203c.18f0: *0000000001000000-00000000010c7fff 0x0000/0x0004 0x0020000
112203c.18f0: 00000000010c8000-00000000010cafff 0x0004/0x0004 0x0020000
113203c.18f0: 00000000010cb000-00000000011fffff 0x0000/0x0004 0x0020000
114203c.18f0: 0000000001200000-000000007ffdffff 0x0001/0x0000 0x0000000
115203c.18f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
116203c.18f0: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
117203c.18f0: 000000007fff0000-00007ff70a59ffff 0x0001/0x0000 0x0000000
118203c.18f0: *00007ff70a5a0000-00007ff70a5c2fff 0x0002/0x0002 0x0040000
119203c.18f0: 00007ff70a5c3000-00007ff70ab3ffff 0x0001/0x0000 0x0000000
120203c.18f0: *00007ff70ab40000-00007ff70ab40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
121203c.18f0: 00007ff70ab41000-00007ff70abb1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
122203c.18f0: 00007ff70abb2000-00007ff70abb2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
123203c.18f0: 00007ff70abb3000-00007ff70abf8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
124203c.18f0: 00007ff70abf9000-00007ff70abf9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
125203c.18f0: 00007ff70abfa000-00007ff70abfafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
126203c.18f0: 00007ff70abfb000-00007ff70abfffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
127203c.18f0: 00007ff70ac00000-00007ff70ac00fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
128203c.18f0: 00007ff70ac01000-00007ff70ac01fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
129203c.18f0: 00007ff70ac02000-00007ff70ac05fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
130203c.18f0: 00007ff70ac06000-00007ff70ac4dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131203c.18f0: 00007ff70ac4e000-00007ff94f49ffff 0x0001/0x0000 0x0000000
132203c.18f0: *00007ff94f4a0000-00007ff94f4a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
133203c.18f0: 00007ff94f4a1000-00007ff94f5b2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
134203c.18f0: 00007ff94f5b3000-00007ff94f5f8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
135203c.18f0: 00007ff94f5f9000-00007ff94f600fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
136203c.18f0: 00007ff94f601000-00007ff94f60efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
137203c.18f0: 00007ff94f60f000-00007ff94f60ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
138203c.18f0: 00007ff94f610000-00007ff94f612fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
139203c.18f0: 00007ff94f613000-00007ff94f67ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
140203c.18f0: 00007ff94f680000-00007ffffffdffff 0x0001/0x0000 0x0000000
141203c.18f0: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
142203c.18f0: VirtualBox.exe: timestamp 0x59e6e5d5 (rc=VINF_SUCCESS)
143203c.18f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
144203c.18f0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
145203c.18f0: supR3HardNtChildPurify: Done after 357 ms and 0 fixes (loop #0).
146203c.18f0: supR3HardNtEnableThreadCreation:
14728d0.29a0: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
14828d0.29a0: supR3HardenedVmProcessInit: uNtDllAddr=00007ff94f4a0000 g_uNtVerCombined=0xa03fab00
14928d0.29a0: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS)
15028d0.29a0: New simple heap: #1 0000000001300000 LB 0x400000 (for 1966080 allocation)
15128d0.29a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
15228d0.29a0: System32: \Device\HarddiskVolume2\Windows\System32
15328d0.29a0: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
15428d0.29a0: KnownDllPath: C:\WINDOWS\System32
15528d0.29a0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
15628d0.29a0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
15728d0.29a0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
15828d0.29a0: Registered Dll notification callback with NTDLL.
15928d0.29a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
16028d0.29a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
16128d0.29a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
16228d0.29a0: supR3HardenedDllNotificationCallback: load 00007ff94bac0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
16328d0.29a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
16428d0.29a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
16528d0.29a0: supR3HardenedDllNotificationCallback: load 00007ff94c810000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
16628d0.29a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
16728d0.29a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c810000 'C:\WINDOWS\System32\KERNEL32.DLL'
16828d0.29a0: supR3HardenedDllNotificationCallback: load 00007ff70ab40000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
16928d0.29a0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
17028d0.29a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
17128d0.29a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
17228d0.29a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff94f5191b0 pvNtTerminateThread=00007ff94f540890
173203c.18f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 85 ms.
17428d0.29a0: \SystemRoot\System32\ntdll.dll:
17528d0.29a0: CreationTime: 2017-09-29T13:41:43.343111100Z
17628d0.29a0: LastWriteTime: 2017-09-29T13:41:43.358737200Z
17728d0.29a0: ChangeTime: 2017-10-30T09:58:02.722257500Z
17828d0.29a0: FileAttributes: 0x20
17928d0.29a0: Size: 0x1dd100
18028d0.29a0: NT Headers: 0xe0
18128d0.29a0: Timestamp: 0x493793ea
18228d0.29a0: Machine: 0x8664 - amd64
18328d0.29a0: Timestamp: 0x493793ea
18428d0.29a0: Image Version: 10.0
18528d0.29a0: SizeOfImage: 0x1e0000 (1966080)
18628d0.29a0: Resource Dir: 0x174000 LB 0x6a1d8
18728d0.29a0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
18828d0.29a0: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
18928d0.29a0: ProductName: Microsoft® Windows® Operating System
19028d0.29a0: ProductVersion: 10.0.16299.15
19128d0.29a0: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
19228d0.29a0: FileDescription: NT Layer DLL
19328d0.29a0: \SystemRoot\System32\kernel32.dll:
19428d0.29a0: CreationTime: 2017-09-29T13:42:04.954227600Z
19528d0.29a0: LastWriteTime: 2017-09-29T13:42:04.954227600Z
19628d0.29a0: ChangeTime: 2017-10-30T09:57:47.423774500Z
19728d0.29a0: FileAttributes: 0x20
19828d0.29a0: Size: 0xab868
19928d0.29a0: NT Headers: 0xe8
20028d0.29a0: Timestamp: 0xc2cf900
20128d0.29a0: Machine: 0x8664 - amd64
20228d0.29a0: Timestamp: 0xc2cf900
20328d0.29a0: Image Version: 10.0
20428d0.29a0: SizeOfImage: 0xae000 (712704)
20528d0.29a0: Resource Dir: 0xac000 LB 0x520
20628d0.29a0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
20728d0.29a0: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
20828d0.29a0: ProductName: Microsoft® Windows® Operating System
20928d0.29a0: ProductVersion: 10.0.16299.15
21028d0.29a0: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
21128d0.29a0: FileDescription: Windows NT BASE API Client DLL
21228d0.29a0: \SystemRoot\System32\KernelBase.dll:
21328d0.29a0: CreationTime: 2017-09-29T13:41:43.124345500Z
21428d0.29a0: LastWriteTime: 2017-09-29T13:41:43.124345500Z
21528d0.29a0: ChangeTime: 2017-10-30T09:57:48.533345200Z
21628d0.29a0: FileAttributes: 0x20
21728d0.29a0: Size: 0x266000
21828d0.29a0: NT Headers: 0xf0
21928d0.29a0: Timestamp: 0x4736733c
22028d0.29a0: Machine: 0x8664 - amd64
22128d0.29a0: Timestamp: 0x4736733c
22228d0.29a0: Image Version: 10.0
22328d0.29a0: SizeOfImage: 0x266000 (2514944)
22428d0.29a0: Resource Dir: 0x245000 LB 0x548
22528d0.29a0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
22628d0.29a0: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
22728d0.29a0: ProductName: Microsoft® Windows® Operating System
22828d0.29a0: ProductVersion: 10.0.16299.15
22928d0.29a0: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
23028d0.29a0: FileDescription: Windows NT BASE API Client DLL
23128d0.29a0: \SystemRoot\System32\apisetschema.dll:
23228d0.29a0: CreationTime: 2017-09-29T13:42:07.095026600Z
23328d0.29a0: LastWriteTime: 2017-09-29T13:42:07.095026600Z
23428d0.29a0: ChangeTime: 2017-10-30T09:57:18.358199400Z
23528d0.29a0: FileAttributes: 0x20
23628d0.29a0: Size: 0x1b398
23728d0.29a0: NT Headers: 0xc8
23828d0.29a0: Timestamp: 0xf30abf31
23928d0.29a0: Machine: 0x8664 - amd64
24028d0.29a0: Timestamp: 0xf30abf31
24128d0.29a0: Image Version: 10.0
24228d0.29a0: SizeOfImage: 0x1c000 (114688)
24328d0.29a0: Resource Dir: 0x1b000 LB 0x408
24428d0.29a0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
24528d0.29a0: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
24628d0.29a0: ProductName: Microsoft® Windows® Operating System
24728d0.29a0: ProductVersion: 10.0.16299.15
24828d0.29a0: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
24928d0.29a0: FileDescription: ApiSet Schema DLL
25028d0.29a0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
25128d0.29a0: supR3HardenedWinFindAdversaries: 0x0
25228d0.29a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
25328d0.29a0: Calling main()
25428d0.29a0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
25528d0.29a0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
25628d0.29a0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
25728d0.29a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
25828d0.29a0: SUPR3HardenedMain: Respawn #2
25928d0.29a0: supR3HardNtEnableThreadCreation:
26028d0.29a0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
26128d0.29a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
26228d0.29a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26328d0.29a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26428d0.29a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94f4a0000 'C:\WINDOWS\System32\ntdll.dll'
26528d0.29a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff94f5191b0 pvNtTerminateThread=00007ff94f540890
26628d0.29a0: supR3HardenedWinDoReSpawn(2): New child 193c.170 [kernel32].
26728d0.29a0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
26828d0.29a0: supR3HardNtChildGatherData: PebBaseAddress=0000000000a08000 cbPeb=0x388
26928d0.29a0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff94f4a0000 uNtDllChildAddr=00007ff94f4a0000
27028d0.29a0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff94f5191b0
27128d0.29a0: supR3HardenedWinSetupChildInit: Start child.
27228d0.29a0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
27328d0.29a0: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 31 sleeps
27428d0.29a0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
27528d0.29a0: *0000000000000000-00000000009bffff 0x0001/0x0000 0x0000000
27628d0.29a0: *00000000009c0000-00000000009dffff 0x0004/0x0004 0x0020000
27728d0.29a0: *00000000009e0000-00000000009f8fff 0x0002/0x0002 0x0040000
27828d0.29a0: 00000000009f9000-00000000009fffff 0x0001/0x0000 0x0000000
27928d0.29a0: *0000000000a00000-0000000000a07fff 0x0000/0x0004 0x0020000
28028d0.29a0: 0000000000a08000-0000000000a0afff 0x0004/0x0004 0x0020000
28128d0.29a0: 0000000000a0b000-0000000000bfffff 0x0000/0x0004 0x0020000
28228d0.29a0: *0000000000c00000-0000000000cfafff 0x0000/0x0004 0x0020000
28328d0.29a0: 0000000000cfb000-0000000000cfdfff 0x0104/0x0004 0x0020000
28428d0.29a0: 0000000000cfe000-0000000000cfffff 0x0004/0x0004 0x0020000
28528d0.29a0: *0000000000d00000-0000000000d03fff 0x0002/0x0002 0x0040000
28628d0.29a0: 0000000000d04000-0000000000d0ffff 0x0001/0x0000 0x0000000
28728d0.29a0: *0000000000d10000-0000000000d10fff 0x0004/0x0004 0x0020000
28828d0.29a0: 0000000000d11000-000000007ffdffff 0x0001/0x0000 0x0000000
28928d0.29a0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
29028d0.29a0: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
29128d0.29a0: 000000007fff0000-00007ff709f2ffff 0x0001/0x0000 0x0000000
29228d0.29a0: *00007ff709f30000-00007ff709f52fff 0x0002/0x0002 0x0040000
29328d0.29a0: 00007ff709f53000-00007ff70ab3ffff 0x0001/0x0000 0x0000000
29428d0.29a0: *00007ff70ab40000-00007ff70ab40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29528d0.29a0: 00007ff70ab41000-00007ff70abb1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29628d0.29a0: 00007ff70abb2000-00007ff70abb2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29728d0.29a0: 00007ff70abb3000-00007ff70abf8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29828d0.29a0: 00007ff70abf9000-00007ff70abf9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29928d0.29a0: 00007ff70abfa000-00007ff70abfafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
30028d0.29a0: 00007ff70abfb000-00007ff70abfffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
30128d0.29a0: 00007ff70ac00000-00007ff70ac00fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
30228d0.29a0: 00007ff70ac01000-00007ff70ac01fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
30328d0.29a0: 00007ff70ac02000-00007ff70ac05fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
30428d0.29a0: 00007ff70ac06000-00007ff70ac4dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
30528d0.29a0: 00007ff70ac4e000-00007ff94f49ffff 0x0001/0x0000 0x0000000
30628d0.29a0: *00007ff94f4a0000-00007ff94f4a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
30728d0.29a0: 00007ff94f4a1000-00007ff94f5b2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
30828d0.29a0: 00007ff94f5b3000-00007ff94f5f8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
30928d0.29a0: 00007ff94f5f9000-00007ff94f600fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31028d0.29a0: 00007ff94f601000-00007ff94f60efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31128d0.29a0: 00007ff94f60f000-00007ff94f60ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31228d0.29a0: 00007ff94f610000-00007ff94f612fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31328d0.29a0: 00007ff94f613000-00007ff94f67ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31428d0.29a0: 00007ff94f680000-00007ffffffdffff 0x0001/0x0000 0x0000000
31528d0.29a0: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
31628d0.29a0: VirtualBox.exe: timestamp 0x59e6e5d5 (rc=VINF_SUCCESS)
31728d0.29a0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
31828d0.29a0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
31928d0.29a0: supR3HardNtChildPurify: Done after 349 ms and 0 fixes (loop #0).
32028d0.29a0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001300000 LB 0x400000)
32128d0.29a0: supR3HardNtEnableThreadCreation:
322193c.170: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
323193c.170: supR3HardenedVmProcessInit: uNtDllAddr=00007ff94f4a0000 g_uNtVerCombined=0xa03fab00
324193c.170: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS)
325193c.170: New simple heap: #1 0000000000e20000 LB 0x400000 (for 1966080 allocation)
326193c.170: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
327193c.170: System32: \Device\HarddiskVolume2\Windows\System32
328193c.170: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
329193c.170: KnownDllPath: C:\WINDOWS\System32
330193c.170: supR3HardenedVmProcessInit: Opening vboxdrv...
331193c.170: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
332193c.170: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
333193c.170: Registered Dll notification callback with NTDLL.
334193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
335193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
336193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
337193c.170: supR3HardenedDllNotificationCallback: load 00007ff94bac0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
338193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
339193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
340193c.170: supR3HardenedDllNotificationCallback: load 00007ff94c810000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
341193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
342193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c810000 'C:\WINDOWS\System32\KERNEL32.DLL'
343193c.170: supR3HardenedDllNotificationCallback: load 00007ff70ab40000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
344193c.170: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
345193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
346193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
347193c.170: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff94f5191b0 pvNtTerminateThread=00007ff94f540890
34828d0.29a0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 101 ms.
349193c.170: \SystemRoot\System32\ntdll.dll:
350193c.170: CreationTime: 2017-09-29T13:41:43.343111100Z
351193c.170: LastWriteTime: 2017-09-29T13:41:43.358737200Z
352193c.170: ChangeTime: 2017-10-30T09:58:02.722257500Z
353193c.170: FileAttributes: 0x20
354193c.170: Size: 0x1dd100
355193c.170: NT Headers: 0xe0
356193c.170: Timestamp: 0x493793ea
357193c.170: Machine: 0x8664 - amd64
358193c.170: Timestamp: 0x493793ea
359193c.170: Image Version: 10.0
360193c.170: SizeOfImage: 0x1e0000 (1966080)
361193c.170: Resource Dir: 0x174000 LB 0x6a1d8
362193c.170: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
363193c.170: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
364193c.170: ProductName: Microsoft® Windows® Operating System
365193c.170: ProductVersion: 10.0.16299.15
366193c.170: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
367193c.170: FileDescription: NT Layer DLL
368193c.170: \SystemRoot\System32\kernel32.dll:
369193c.170: CreationTime: 2017-09-29T13:42:04.954227600Z
370193c.170: LastWriteTime: 2017-09-29T13:42:04.954227600Z
371193c.170: ChangeTime: 2017-10-30T09:57:47.423774500Z
372193c.170: FileAttributes: 0x20
373193c.170: Size: 0xab868
374193c.170: NT Headers: 0xe8
375193c.170: Timestamp: 0xc2cf900
376193c.170: Machine: 0x8664 - amd64
377193c.170: Timestamp: 0xc2cf900
378193c.170: Image Version: 10.0
379193c.170: SizeOfImage: 0xae000 (712704)
380193c.170: Resource Dir: 0xac000 LB 0x520
381193c.170: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
382193c.170: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
383193c.170: ProductName: Microsoft® Windows® Operating System
384193c.170: ProductVersion: 10.0.16299.15
385193c.170: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
386193c.170: FileDescription: Windows NT BASE API Client DLL
387193c.170: \SystemRoot\System32\KernelBase.dll:
388193c.170: CreationTime: 2017-09-29T13:41:43.124345500Z
389193c.170: LastWriteTime: 2017-09-29T13:41:43.124345500Z
390193c.170: ChangeTime: 2017-10-30T09:57:48.533345200Z
391193c.170: FileAttributes: 0x20
392193c.170: Size: 0x266000
393193c.170: NT Headers: 0xf0
394193c.170: Timestamp: 0x4736733c
395193c.170: Machine: 0x8664 - amd64
396193c.170: Timestamp: 0x4736733c
397193c.170: Image Version: 10.0
398193c.170: SizeOfImage: 0x266000 (2514944)
399193c.170: Resource Dir: 0x245000 LB 0x548
400193c.170: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
401193c.170: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
402193c.170: ProductName: Microsoft® Windows® Operating System
403193c.170: ProductVersion: 10.0.16299.15
404193c.170: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
405193c.170: FileDescription: Windows NT BASE API Client DLL
406193c.170: \SystemRoot\System32\apisetschema.dll:
407193c.170: CreationTime: 2017-09-29T13:42:07.095026600Z
408193c.170: LastWriteTime: 2017-09-29T13:42:07.095026600Z
409193c.170: ChangeTime: 2017-10-30T09:57:18.358199400Z
410193c.170: FileAttributes: 0x20
411193c.170: Size: 0x1b398
412193c.170: NT Headers: 0xc8
413193c.170: Timestamp: 0xf30abf31
414193c.170: Machine: 0x8664 - amd64
415193c.170: Timestamp: 0xf30abf31
416193c.170: Image Version: 10.0
417193c.170: SizeOfImage: 0x1c000 (114688)
418193c.170: Resource Dir: 0x1b000 LB 0x408
419193c.170: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
420193c.170: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
421193c.170: ProductName: Microsoft® Windows® Operating System
422193c.170: ProductVersion: 10.0.16299.15
423193c.170: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
424193c.170: FileDescription: ApiSet Schema DLL
425193c.170: NtOpenDirectoryObject failed on \Driver: 0xc0000022
426193c.170: supR3HardenedWinFindAdversaries: 0x0
427193c.170: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
428193c.170: Calling main()
429193c.170: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
430193c.170: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
431193c.170: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
432193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
433193c.170: SUPR3HardenedMain: Final process, opening VBoxDrv...
434193c.170: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000e20000 LB 0x400000)
435193c.170: supR3HardNtEnableThreadCreation:
436193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
437193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
438193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
439193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
440193c.170: supR3HardenedDllNotificationCallback: load 00007ff949b80000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
441193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
442193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
443193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
444193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff949b80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
445193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
446193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
447193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff949b80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
448193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff949b80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
449193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
450193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
451193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
452193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
453193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
454193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
455193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
456193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
457193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
458193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
459193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
460193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
461193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
462193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
463193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
464193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
465193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
466193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
467193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
468193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
469193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
470193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
471193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
472193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
473193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
474193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
475193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
476193c.170: supR3HardenedDllNotificationCallback: load 00007ff94c360000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
477193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
478193c.170: supR3HardenedDllNotificationCallback: load 00007ff94b090000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
479193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
480193c.170: supR3HardenedDllNotificationCallback: load 00007ff94bdb0000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
481193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
482193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
483193c.170: supR3HardenedDllNotificationCallback: load 00007ff94b0d0000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
484193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
485193c.170: supR3HardenedDllNotificationCallback: load 00007ff94ce30000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
486193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
487193c.170: supR3HardenedDllNotificationCallback: load 00007ff94c280000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
488193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
489193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
490193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
491193c.170: supR3HardenedDllNotificationCallback: load 00007ff94c400000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
492193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
493193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
494193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
495193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
496193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
497193c.170: supR3HardenedDllNotificationCallback: load 00007ff94ba60000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
498193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
499193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
500193c.170: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
501193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-synch-l1-2-0'
502193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
503193c.170: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
504193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-fibers-l1-1-1'
505193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
506193c.170: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
507193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-fibers-l1-1-1'
508193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
509193c.170: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
510193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-synch-l1-2-0'
511193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
512193c.170: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
513193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-localization-l1-2-1'
514193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\WINDOWS\system32\Wintrust.dll'
515193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
516193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
517193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
518193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
519193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
520193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
521193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
522193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
523193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
524193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
525193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
526193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
527193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
528193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
529193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
530193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
531193c.170: supR3HardenedDllNotificationCallback: load 00007ff94ab80000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
532193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
533193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ab80000 'C:\WINDOWS\system32\bcrypt.dll'
534193c.170: bcrypt.dll loaded at 00007ff94ab80000, BCryptOpenAlgorithmProvider at 00007ff94ab82590, preloading providers:
535193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
536193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
537193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
538193c.170: supR3HardenedDllNotificationCallback: load 00007ff94bd30000 LB 0x00072000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
539193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
540193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bd30000 'C:\WINDOWS\system32\bcryptprimitives.dll'
541193c.170: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000032954c0)
542193c.170: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000329fab0)
543193c.170: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000329fd80)
544193c.170: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000032a0050)
545193c.170: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000032a0320)
546193c.170: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000032a05f0)
547193c.170: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000032a08c0)
548193c.170: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000032a0b90)
549193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
550193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
551193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
552193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
553193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
554193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
555193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
556193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
557193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
558193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
559193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
560193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
561193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
562193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
563193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
564193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
565193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
566193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
567193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
568193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
569193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
570193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
571193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
572193c.170: supR3HardenedDllNotificationCallback: load 00007ff94aa70000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
573193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
574193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
575193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
576193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
577193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
578193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
579193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
580193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
581193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
582193c.170: supR3HardenedDllNotificationCallback: load 00007ff94a4c0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
583193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
584193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
585193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
586193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
587193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
588193c.170: supR3HardenedDllNotificationCallback: load 00007ff94aa90000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
589193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
590193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
591193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
592193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
593193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
594193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
595193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c810000 'C:\WINDOWS\System32\kernel32.dll'
596193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
597193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
598193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
599193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
600193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\CRYPT32.dll'
601193c.170: supR3HardenedDllNotificationCallback: load 00007ff94d8c0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
602193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
603193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
604193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
605193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
606193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
607193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
608193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
609193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
610193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
611193c.170: supR3HardenedDllNotificationCallback: load 00007ff949eb0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
612193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
613193c.170: supR3HardenedDllNotificationCallback: load 00007ff94b020000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
614193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
615193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
616193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
617193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
618193c.170: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
619193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
620193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
621193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
622193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
623193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
624193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
625193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
626193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
627193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
628193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
629193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
630193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
631193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
632193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
633193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
634193c.170: supR3HardenedDllNotificationCallback: load 00007ff93a160000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
635193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
636193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
637193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
638193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\WINDOWS\System32\cryptnet.dll'
639193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
640193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
641193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\WINDOWS\System32\cryptnet.dll'
642193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
643193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
644193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\WINDOWS\System32\cryptnet.dll'
645193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
646193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
647193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\WINDOWS\System32\cryptnet.dll'
648193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
649193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
650193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\WINDOWS\System32\cryptnet.dll'
651193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
652193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
653193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\WINDOWS\System32\cryptnet.dll'
654193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
655193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\WINDOWS\System32\cryptnet.dll'
656193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
657193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\WINDOWS\System32\cryptnet.dll'
658193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
659193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\WINDOWS\System32\cryptnet.dll'
660193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
661193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\WINDOWS\System32\cryptnet.dll'
662193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
663193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\WINDOWS\System32\cryptnet.dll'
664193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\WINDOWS\System32\cryptnet.dll'
665193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
666193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\Windows\System32\cryptnet.dll'
667193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
668193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
669193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
670193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
671193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
672193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
673193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
674193c.170: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000032ea9a0
675193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
676193c.170: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E2E4DE0C5BD65756637B6F71B7BAE24CF704BFD
677193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
678193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
679193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ce30000 'C:\WINDOWS\System32\rpcrt4.dll'
680193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
681193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
682193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
683193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
684193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
685193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
686193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
687193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
688193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
689193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
690193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
691193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
692193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
693193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
694193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
695193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
696193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
697193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
698193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
699193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
700193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
701193c.170: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\SystemRoot\System32\ntdll.dll'
702193c.170: g_pfnWinVerifyTrust=00007ff94ba66bc0
703193c.170: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
704193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
705193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
706193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
707193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
708193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
709193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
710193c.170: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
711193c.170: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
712193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
713193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
714193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
715193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
716193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
717193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
718193c.170: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
719193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
720193c.170: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
721193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
722193c.170: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A0BC1B38B9F5EE15493A1BB6ABB29D2FFBB4119
723193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
724193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
725193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
726193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
727193c.170: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
728193c.170: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
729193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
730193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
731193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
732193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
733193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
734193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
735193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
736193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
737193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
738193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
739193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
740193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
741193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
742193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
743193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
744193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
745193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
746193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
747193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
748193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
749193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
750193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
751193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
752193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
753193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
754193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
755193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
756193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
757193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
758193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
759193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
760193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
761193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
762193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
763193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
764193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
765193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
766193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
767193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
768193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
769193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
770193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
771193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
772193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
773193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
774193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
775193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
776193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
777193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
778193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
779193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
780193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
781193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
782193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
783193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
784193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
785193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
786193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
787193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
788193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
789193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
790193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
791193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\system32\crypt32.dll'
792193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
793193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
794193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
795193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
796193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
797193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
798193c.170: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, ST=Washington, L=Seattle, O=WatchGuard Technologies, Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, CN=WatchGuard Technologies, Inc.
799193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
800193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
801193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
802193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
803193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
804193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
805193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
806193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
807193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
808193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
809193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
810193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
811193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
812193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
813193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
814193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
815193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
816193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
817193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
818193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
819193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
820193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
821193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
822193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
823193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
824193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
825193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
826193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
827193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
828193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
829193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
830193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
831193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
832193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
833193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
834193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x65b9be6e08cdb300 O=WatchGuard_Technologies, OU=Fireware, CN=Fireware HTTPS Proxy (SN 80BE070442C05 2013-09-10 00:50:54 GMT) CA
835193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x26dee21c613fbc00 DC=com, DC=cgglobal, CN=cgglobal-CGIN200-CA
836193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x72caa2dcf436b700 DC=com, DC=cgglobal, CN=cgglobal-INRADIUS-CA
837193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x4cec7a251ca3ec00 DC=com, DC=cgglobal, CN=cgglobal-INRADIUS-CA
838193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0xa9c718ce7bbac400 DC=com, DC=cgglobal, CN=cgglobal-PSAM037-CA
839193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x1a4f405ff8be8d00 DC=com, DC=cgglobal, CN=cgglobal-ESHU-WTS-CA
840193c.170: supR3HardenedWinIsDesiredRootCA: Adding 0x7c65298fe8a69d00 DC=com, DC=cgglobal, CN=cgglobal-PKIROOT-CA
841193c.170: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=48
842193c.170: SUPR3HardenedMain: Load Runtime...
843193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
844193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
845193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
846193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
847193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
848193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
849193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
850193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
851193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
852193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
853193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
854193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
855193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
856193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
857193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
858193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
859193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
860193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
861193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
862193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
863193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
864193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
865193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
866193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
867193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
868193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
869193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
870193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
871193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
872193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
873193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
874193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
875193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
876193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
877193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
878193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
879193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
880193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
881193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
882193c.170: supR3HardenedDllNotificationCallback: load 00000000626b0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
883193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
884193c.170: supR3HardenedDllNotificationCallback: load 0000000062790000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
885193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
886193c.170: supR3HardenedDllNotificationCallback: load 00007ff94d4e0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
887193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
888193c.170: supR3HardenedDllNotificationCallback: load 00007ff917f40000 LB 0x00595000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
889193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
890193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
891193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
892193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
893193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
894193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
895193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
896193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
897193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
898193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
899193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
900193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
901193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
902193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
903193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
904193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
905193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
906193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
907193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
908193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
909193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
910193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
911193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
912193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
913193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
914193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
915193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
916193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
917193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
918193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
919193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
920193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
921193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
922193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
923193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
924193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
925193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
926193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
927193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
928193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
929193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
930193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
931193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
932193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
933193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
934193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
935193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
936193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
937193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
938193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
939193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
940193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
941193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\WINDOWS\system32\Wintrust.dll'
942193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
943193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
944193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
945193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
946193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
947193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
948193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\system32\crypt32.dll'
949193c.170: SUPR3HardenedMain: Load TrustedMain...
950193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
951193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
952193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
953193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
954193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
955193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
956193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
957193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
958193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
959193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
960193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
961193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
962193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
963193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
964193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
965193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
966193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
967193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
968193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
969193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
970193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
971193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
972193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
973193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
974193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
975193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
976193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
977193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
978193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
979193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
980193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
981193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
982193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
983193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
984193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
985193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
986193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
987193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
988193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
989193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
990193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
991193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
992193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
993193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
994193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
995193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
996193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
997193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
998193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
999193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1000193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1001193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1002193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1003193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1004193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1005193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1006193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1007193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1008193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
1009193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
1010193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
1011193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1012193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1013193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1014193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
1015193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1016193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1017193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1018193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1019193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1020193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1021193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1022193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1023193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1024193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'.
1025193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'.
1026193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'.
1027193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1028193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1029193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1030193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1031193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1032193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1033193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1034193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1035193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1036193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1037193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1038193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1039193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1040193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1041193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1042193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1043193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1044193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1045193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1046193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1047193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1048193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1049193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1050193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1051193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1052193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1053193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1054193c.170: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
1055193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
1056193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
1057193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1058193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1059193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1060193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
1061193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
1062193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1063193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1064193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1065193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1066193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1067193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1068193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1069193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1070193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1071193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1072193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1073193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1074193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1075193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1076193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1077193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1078193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1079193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1080193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1081193c.170: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1082193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1083193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1084193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1085193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1086193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1087193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1088193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1089193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1090193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1091193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1092193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1093193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1094193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1095193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1096193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1097193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1098193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1099193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1100193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1101193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1102193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1103193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1104193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1105193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1106193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1107193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1108193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1109193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1110193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1111193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1112193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1113193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1114193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1115193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1116193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1117193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1118193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1119193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1120193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1121193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1122193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1123193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1124193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1125193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1126193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1127193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1128193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1129193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1130193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1131193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1132193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1133193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1134193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1135193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1136193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1137193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1138193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1139193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1140193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1141193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1142193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1143193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1144193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1145193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1146193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1147193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1148193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1149193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1150193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1151193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1152193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1153193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1154193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1155193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1156193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1157193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1158193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1159193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1160193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1161193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1162193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1163193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1164193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1165193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1166193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1167193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1168193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1169193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1170193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1171193c.170: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
1172193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1173193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1174193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1175193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1176193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
1177193c.170: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
1178193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1179193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1180193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1181193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1182193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1183193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1184193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1185193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1186193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1187193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1188193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1189193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1190193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1191193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
1192193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1193193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1194193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1195193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1196193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1197193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1198193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1199193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1200193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1201193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1202193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1203193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1204193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1205193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1206193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1207193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1208193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1209193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1210193c.170: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1211193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1212193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1213193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1214193c.170: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
1215193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1216193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1217193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1218193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1219193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1220193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1221193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1222193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1223193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1224193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1225193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1226193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1227193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1228193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1229193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1230193c.170: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1231193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1232193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1233193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1234193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1235193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1236193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1237193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1238193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1239193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1240193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1241193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1242193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1243193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1244193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1245193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1246193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1247193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1248193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1249193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
1250193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1251193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1252193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1253193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1254193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1255193c.170: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1256193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1257193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
1258193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'shlwapi.dll'.
1259193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
1260193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'comctl32.dll'.
1261193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'shell32.dll'.
1262193c.170: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
1263193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1264193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1265193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1266193c.170: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1267193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1268193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'.
1269193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'.
1270193c.170: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
1271193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1272193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1273193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1274193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1275193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1276193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1277193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1278193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1279193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1280193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1281193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1282193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1283193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1284193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1285193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1286193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1287193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1288193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1289193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1290193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
1291193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
1292193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'.
1293193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)
1294193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1295193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1296193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1297193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1298193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1299193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1300193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1301193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1302193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1303193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1304193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1305193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1306193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
1307193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1308193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1309193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1310193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1311193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1312193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1313193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1314193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1315193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
1316193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
1317193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1318193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1319193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1320193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1321193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1322193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1323193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1324193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1325193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1326193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1327193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1328193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1329193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1330193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1331193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1332193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1333193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1334193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1335193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1336193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1337193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1338193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1339193c.170: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
1340193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1341193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1342193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1343193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1344193c.170: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1345193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1346193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1347193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1348193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1349193c.170: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1350193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1351193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1352193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1353193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1354193c.170: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
1355193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1356193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1357193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1358193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1359193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1360193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1361193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1362193c.170: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1363193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1364193c.170: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
1365193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
1366193c.170: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F39C902102F30859FF82648A950427FCB81FB124
1367193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1368193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1369193c.170: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1370193c.170: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1371193c.170: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1372193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1373193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1374193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1375193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1376193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1377193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1378193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1379193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1380193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1381193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1382193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1383193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1384193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1385193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1386193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1387193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.19_none_e48015d00334ec58\comctl32.dll)
1388193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.19_none_e48015d00334ec58\comctl32.dll
1389193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1390193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
1391193c.170: supR3HardenedDllNotificationCallback: load 00007ff94b2a0000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
1392193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1393193c.170: supR3HardenedDllNotificationCallback: load 00007ff94c050000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
1394193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1395193c.170: supR3HardenedDllNotificationCallback: load 00007ff94beb0000 LB 0x00194000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
1396193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1397193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1398193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1399193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1400193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
1401193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
1402193c.170: supR3HardenedDllNotificationCallback: load 00007ff94d1a0000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
1403193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1404193c.170: supR3HardenedDllNotificationCallback: load 00007ff94cca0000 LB 0x0018e000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
1405193c.170: supR3HardenedDllNotificationCallback: load 00007ff93fcf0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1406193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1407193c.170: supR3HardenedDllNotificationCallback: load 00007ff92f040000 LB 0x0011e000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1408193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1409193c.170: supR3HardenedDllNotificationCallback: load 00007ff94ba10000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
1410193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
1411193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1412193c.170: supR3HardenedDllNotificationCallback: load 00007ff94d1d0000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
1413193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1414193c.170: supR3HardenedDllNotificationCallback: load 00007ff94c8c0000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
1415193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1416193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
1417193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
1418193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
1419193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1420193c.170: supR3HardenedDllNotificationCallback: load 00007ff94c4b0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
1421193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1422193c.170: supR3HardenedDllNotificationCallback: load 00007ff94b0b0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
1423193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1424193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1425193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
1426193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
1427193c.170: supR3HardenedDllNotificationCallback: load 00007ff94b040000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
1428193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1429193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
1430193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1431193c.170: supR3HardenedDllNotificationCallback: load 00007ff94b2c0000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
1432193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1433193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1434193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
1435193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
1436193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
1437193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
1438193c.170: supR3HardenedDllNotificationCallback: load 00007ff94dd30000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
1439193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1440193c.170: supR3HardenedDllNotificationCallback: load 00007ff94cfb0000 LB 0x00149000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
1441193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1442193c.170: supR3HardenedDllNotificationCallback: load 00007ff938880000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
1443193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1444193c.170: supR3HardenedDllNotificationCallback: load 0000000062140000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1445193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1446193c.170: supR3HardenedDllNotificationCallback: load 00007ff914f70000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1447193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1448193c.170: supR3HardenedDllNotificationCallback: load 0000000061bd0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1449193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1450193c.170: supR3HardenedDllNotificationCallback: load 00007ff94a640000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
1451193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
1452193c.170: supR3HardenedDllNotificationCallback: load 00007ff939e00000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1453193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1454193c.170: supR3HardenedDllNotificationCallback: load 00007ff92d9e0000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.19_none_e48015d00334ec58\COMCTL32.dll [fFlags=0x0]
1455193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.19_none_e48015d00334ec58\comctl32.dll [avoiding WinVerifyTrust]
1456193c.170: supR3HardenedDllNotificationCallback: load 00007ff94f170000 LB 0x0010a000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
1457193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
1458193c.170: supR3HardenedDllNotificationCallback: load 00007ff949650000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1459193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1460193c.170: supR3HardenedDllNotificationCallback: load 0000000061b70000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1461193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1462193c.170: supR3HardenedDllNotificationCallback: load 00007ff94c1a0000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
1463193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1464193c.170: supR3HardenedDllNotificationCallback: load 00007ff949290000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1465193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1466193c.170: supR3HardenedDllNotificationCallback: load 00007ff9492f0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1467193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1468193c.170: supR3HardenedDllNotificationCallback: load 00007ff917570000 LB 0x009cf000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1469193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1470193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
1471193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
1472193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
1473193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
1474193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
1475193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
1476193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
1477193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
1478193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
1479193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
1480193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1481193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1482193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.19_none_e48015d00334ec58\comctl32.dll'.
1483193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.19_none_e48015d00334ec58\comctl32.dll' [rescheduled]
1484193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1485193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
1486193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1487193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
1488193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'.
1489193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL' [rescheduled]
1490193c.170: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1491193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
1492193c.170: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1493193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
1494193c.170: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1495193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1496193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1497193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1498193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1499193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1500193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1501193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1502193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1503193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1504193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1505193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1506193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1507193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
1508193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1509193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1510193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1511193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1512193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1513193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1514193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1515193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1516193c.170: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1517193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1518193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1519193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1520193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1521193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1522193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1523193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1524193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1525193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1526193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1527193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1528193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1529193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1530193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1531193c.170: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1532193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1533193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1534193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1535193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1536193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1537193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1538193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1539193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1540193c.170: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1541193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1542193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1543193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1544193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1545193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1546193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1547193c.170: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1548193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1549193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1550193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1551193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1552193c.170: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1553193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1554193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1555193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1556193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1557193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1558193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1559193c.170: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1560193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1561193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1562193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1563193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1564193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c810000 'C:\WINDOWS\System32\kernel32.dll'
1565193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1566193c.170: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1567193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-string-l1-1-0'
1568193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1569193c.170: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1570193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-datetime-l1-1-1'
1571193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1572193c.170: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1573193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-localization-obsolete-l1-2-0'
1574193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1575193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1576193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
1577193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1578193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1579193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1580193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1581193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1582193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1583193c.170: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1584193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1585193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1586193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1587193c.170: supR3HardenedDllNotificationCallback: load 00007ff94d550000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
1588193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1589193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94d550000 'C:\WINDOWS\system32\IMM32.DLL'
1590193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1591193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1592193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOS~2.DLL'.
1593193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'psapi.dll'.
1594193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1595193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOS~2.DLL)
1596193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOS~2.DLL
1597193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1598193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1599193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1600193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
1601193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
1602193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\psapi.dll'.
1603193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll)
1604193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
1605193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1606193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOS~2.DLL [avoiding WinVerifyTrust]
1607193c.170: supR3HardenedDllNotificationCallback: load 00007ff94cae0000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [fFlags=0x0]
1608193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll [avoiding WinVerifyTrust]
1609193c.170: supR3HardenedDllNotificationCallback: load 0000000063de0000 LB 0x00039000 C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [fFlags=0x0]
1610193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOS~2.DLL [avoiding WinVerifyTrust]
1611193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\psapi.dll'.
1612193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rescheduled]
1613193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOS~2.DLL'.
1614193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOS~2.DLL' [rescheduled]
1615193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ntdll.dll'.
1616193c.170: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1617193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
1618193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1619193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1620193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94f4a0000 'C:\WINDOWS\System32\ntdll.dll'
1621193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ntdll.dll'.
1622193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' [rescheduled]
1623193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000063de0000 'C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL'
1624193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1625193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1626193c.170: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
1627193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1628193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94d550000 'C:\WINDOWS\System32\imm32.dll'
1629193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1630193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1631193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c400000 'C:\WINDOWS\System32\ADVAPI32.DLL'
1632193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917570000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1633193c.170: SUPR3HardenedMain: Calling TrustedMain (00007ff9175714f0)...
1634193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1635193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1636193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1637193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1638193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1639193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1640193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1641193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1642193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1643193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1644193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1645193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1646193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1647193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1648193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1649193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1650193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1651193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1652193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1653193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1654193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1655193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1656193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1657193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1658193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1659193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1660193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1661193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1662193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1663193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1664193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1665193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1666193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1667193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1668193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1669193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1670193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1671193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1672193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1673193c.170: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1674193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1675193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1676193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1677193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1678193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1679193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1680193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1681193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1682193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1683193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1684193c.170: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1685193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1686193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1687193c.170: supR3HardenedDllNotificationCallback: load 00007ff92a8a0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1688193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1689193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a8a0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1690193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000694 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1691193c.170: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
1692193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
1693193c.170: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB199956403E78CE61C981F6BA97CA632BE55AC
1694193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1695193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1696193c.170: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1697193c.170: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1698193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1699193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1700193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
1701193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1702193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1703193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1704193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1705193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1706193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1707193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1708193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1709193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1710193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1711193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1712193c.170: supR3HardenedDllNotificationCallback: load 00007ff949500000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
1713193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1714193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff949500000 'C:\WINDOWS\system32\uxtheme.dll'
1715193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94cca0000 'C:\WINDOWS\system32\user32.dll'
1716193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1717193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1718193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94dd30000 'C:\WINDOWS\system32\shell32.dll'
1719193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
1720193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1721193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1722193c.170: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
1723193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1724193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c8c0000 'C:\WINDOWS\system32\SHCore.dll'
1725193c.170: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
1726193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
1727193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1728193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
1729193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1730193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1731193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
1732193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1733193c.170: supR3HardenedDllNotificationCallback: load 00007ff949810000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
1734193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
1735193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1736193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1737193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1738193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1739193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1740193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1741193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1742193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1743193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1744193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1745193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1746193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1747193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1748193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1749193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\system32\winmm.dll'
1750193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1751193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1752193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\system32\winmm.dll'
1753193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1754193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1755193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94dd30000 'C:\WINDOWS\system32\shell32.dll'
1756193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1757193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1758193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff949500000 'C:\WINDOWS\system32\uxtheme.dll'
1759193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1760193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1761193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c400000 'C:\WINDOWS\system32\advapi32.dll'
1762193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1763193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1764193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
1765193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'profapi.dll'.
1766193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
1767193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
1768193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1769193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1770193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1771193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1772193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1773193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1774193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1775193c.170: supR3HardenedDllNotificationCallback: load 00007ff94af50000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
1776193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1777193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94af50000 'C:\WINDOWS\system32\userenv.dll'
1778193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1779193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1780193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c810000 'C:\WINDOWS\System32\kernel32.dll'
1781193c.170: supR3HardenedDllNotificationCallback: load 00007ff94d100000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
1782193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1783193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
1784193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
1785193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1786193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1787193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1788193c.13b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1789193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1790193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1791193c.13b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1792193c.13b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1793193c.13b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
1794193c.13b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1795193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1796193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1797193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1798193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1799193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1800193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1801193c.13b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
1802193c.13b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1803193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1804193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1805193c.13b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1806193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1807193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1808193c.13b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1809193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1810193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1811193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1812193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1813193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1814193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1815193c.13b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1816193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1817193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1818193c.13b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1819193c.13b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1820193c.13b8: supR3HardenedDllNotificationCallback: load 00007ff906670000 LB 0x004ff000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1821193c.13b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1822193c.13b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff906670000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1823193c.13b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1824193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1825193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1826193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1827193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
1828193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1829193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1830193c.13b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1831193c.13b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
1832193c.13b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1833193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1834193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1835193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1836193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1837193c.13b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1838193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1839193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1840193c.13b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1841193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1842193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1843193c.13b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
1844193c.13b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1845193c.13b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1846193c.13b8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1847193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1848193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1849193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1850193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1851193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1852193c.13b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1853193c.13b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1854193c.13b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1855193c.13b8: supR3HardenedDllNotificationCallback: load 00007ff9174b0000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
1856193c.13b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1857193c.13b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9174b0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
1858193c.13b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1859193c.13b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1860193c.13b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c1a0000 'C:\Windows\System32\oleaut32.dll'
1861193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1862193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1863193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94d1a0000 'C:\WINDOWS\system32\gdi32.dll'
1864193c.1d78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1865193c.1d78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1866193c.1d78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1867193c.1d78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1868193c.1d78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1869193c.1d78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
1870193c.1d78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
1871193c.1d78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1872193c.1d78: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1873193c.1d78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1874193c.1d78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1875193c.1d78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1876193c.1d78: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
1877193c.1d78: supR3HardenedDllNotificationCallback: load 00007ff949b60000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
1878193c.1d78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
1879193c.1d78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff949b60000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
1880193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1881193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1882193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94dd30000 'C:\WINDOWS\system32\shell32.dll'
1883193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll [redoing WinVerifyTrust]
1884193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1885193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1886193c.170: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntdll.dll'
1887193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1888193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94f4a0000 'C:\WINDOWS\System32\ntdll.dll'
1889193c.170: supR3HardenedDllNotificationCallback: load 00007ff94c970000 LB 0x00167000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
1890193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1891193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
1892193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
1893193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
1894193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
1895193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
1896193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
1897193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1898193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1899193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1900193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1901193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1902193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1903193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1904193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1905193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1906193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1907193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1908193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1909193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1910193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1911193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1912193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a00 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
1913193c.170: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
1914193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
1915193c.170: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87FA668FC207CB724FFDD342C6B5B8D273E3498D
1916193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1917193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1918193c.170: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
1919193c.170: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1920193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1921193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
1922193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'.
1923193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'd3d11.dll'.
1924193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'dcomp.dll'.
1925193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
1926193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
1927193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
1928193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
1929193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1930193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1931193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1932193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1933193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
1934193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
1935193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
1936193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
1937193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1938193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1939193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1940193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1941193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1942193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1943193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1944193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1945193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1946193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1947193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
1948193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
1949193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
1950193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
1951193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1952193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1953193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1954193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1955193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1956193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1957193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
1958193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
1959193c.170: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
1960193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1961193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
1962193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
1963193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
1964193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1965193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1966193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1967193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1968193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1969193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1970193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1971193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
1972193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
1973193c.170: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
1974193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
1975193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
1976193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1977193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1978193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1979193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1980193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
1981193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
1982193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
1983193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
1984193c.170: supR3HardenedDllNotificationCallback: load 00007ff949f80000 LB 0x000af000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
1985193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
1986193c.170: supR3HardenedDllNotificationCallback: load 00007ff947f80000 LB 0x002e2000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
1987193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
1988193c.170: supR3HardenedDllNotificationCallback: load 00007ff948910000 LB 0x00142000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
1989193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
1990193c.170: supR3HardenedDllNotificationCallback: load 00007ff9398b0000 LB 0x0004f000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
1991193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
1992193c.170: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
1993193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rescheduled]
1994193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94d1a0000 'C:\WINDOWS\System32\gdi32.dll'
1995193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9398b0000 'C:\WINDOWS\system32\dataexchange.dll'
1996193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1997193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
1998193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
1999193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcrypt.dll'.
2000193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
2001193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
2002193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
2003193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2004193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2005193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rmclient.dll)
2006193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rmclient.dll
2007193c.170: supR3HardenedDllNotificationCallback: load 00007ff949900000 LB 0x00020000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
2008193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
2009193c.170: supR3HardenedDllNotificationCallback: load 00007ff9499e0000 LB 0x0017b000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
2010193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2011193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2012193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'coreuicomponents.dll'.
2013193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'coremessaging.dll'.
2014193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
2015193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
2016193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2017193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
2018193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
2019193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
2020193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
2021193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2022193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2023193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
2024193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
2025193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
2026193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
2027193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
2028193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
2029193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcryptprimitives.dll'.
2030193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
2031193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
2032193c.170: supR3HardenedDllNotificationCallback: load 00007ff94a270000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
2033193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
2034193c.170: supR3HardenedDllNotificationCallback: load 00007ff948830000 LB 0x000dd000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
2035193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
2036193c.170: supR3HardenedDllNotificationCallback: load 00007ff947680000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
2037193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
2038193c.170: supR3HardenedDllNotificationCallback: load 00007ff946800000 LB 0x002ee000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
2039193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
2040193c.170: supR3HardenedDllNotificationCallback: load 00007ff946b80000 LB 0x00098000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
2041193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
2042193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2043193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2044193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
2045193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2046193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2047193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2048193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2049193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2050193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2051193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2052193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2053193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2054193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2055193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2056193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2057193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2058193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2059193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2060193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2061193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2062193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2063193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2064193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2065193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
2066193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
2067193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
2068193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2069193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2070193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2071193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2072193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2073193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2074193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2075193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2076193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2077193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2078193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2079193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2080193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2081193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2082193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
2083193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume2\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
2084193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
2085193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2086193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2087193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2088193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2089193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
2090193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2091193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2092193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
2093193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2094193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2095193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
2096193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2097193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2098193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
2099193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2100193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2101193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
2102193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2103193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2104193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rmclient.dll'
2105193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2106193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2107193c.170: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
2108193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2109193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2110193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c1a0000 'C:\WINDOWS\System32\OLEAUT32.DLL'
2111193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
2112193c.170: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2113193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94cca0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
2114193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
2115193c.170: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2116193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94cca0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
2117193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
2118193c.170: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2119193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94d1d0000 'api-ms-win-core-com-l1-1-0.dll'
2120193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2121193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2122193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c970000 'C:\WINDOWS\System32\MSCTF.dll'
2123193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2124193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2125193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94cfb0000 'C:\WINDOWS\System32\ole32.dll'
2126193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2127193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2128193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c1a0000 'C:\WINDOWS\System32\OLEAUT32.dll'
2129193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2130193c.170: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
2131193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
2132193c.170: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE2733DC030E44DCE443886E467FF179D2D68A91
2133193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2134193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2135193c.170: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2136193c.170: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2137193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2138193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2139193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2140193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2141193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2142193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2143193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2144193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b50 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2145193c.170: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
2146193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
2147193c.170: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA3F9D85214DB0270185C719B931C69440BA9C18
2148193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2149193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2150193c.170: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2151193c.170: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2152193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2153193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
2154193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
2155193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2156193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2157193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2158193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2159193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2160193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2161193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2162193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2163193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2164193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2165193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2166193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2167193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2168193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2169193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2170193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2171193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2172193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2173193c.170: supR3HardenedDllNotificationCallback: load 00007ff942120000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2174193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2175193c.170: supR3HardenedDllNotificationCallback: load 00007ff941c30000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2176193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2177193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2178193c.170: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2179193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2180193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff941c30000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2181193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b7c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2182193c.170: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
2183193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
2184193c.170: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C70145BD7347C12AB1BF3946D40606389C4D331
2185193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2186193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2187193c.170: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2188193c.170: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2189193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2190193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2191193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2192193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2193193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2194193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2195193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2196193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2197193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2198193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2199193c.170: supR3HardenedDllNotificationCallback: load 00007ff941750000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2200193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2201193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff941750000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2202193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
2203193c.170: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2204193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-localization-l1-2-0.dll'
2205193c.170: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
2206193c.170: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2207193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2208193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b98 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2209193c.170: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
2210193c.170: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
2211193c.170: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=336CDD3C969CEFC6CE8D502298ED123FE8D2F483
2212193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2213193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2214193c.170: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2215193c.170: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2216193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2217193c.170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
2218193c.170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2219193c.170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2220193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2221193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2222193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2223193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2224193c.170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2225193c.170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2226193c.170: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2227193c.170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2228193c.170: supR3HardenedDllNotificationCallback: load 00007ff941770000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2229193c.170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2230193c.170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff941770000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2231193c.1160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2232193c.1160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2233193c.1160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2234193c.1160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2235193c.1160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2236193c.1160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2237193c.1160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2238193c.1160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2239193c.1160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2240193c.1160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2241193c.1160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2242193c.1160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2243193c.1160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2244193c.1160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2245193c.1160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2246193c.1160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2247193c.1160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2248193c.1160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2249193c.1160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2250193c.1160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2251193c.1160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2252193c.1160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2253193c.1160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2254193c.1160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2255193c.1160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2256193c.1160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2257193c.1160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2258193c.1160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2259193c.1160: supR3HardenedDllNotificationCallback: load 0000000062a70000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2260193c.1160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2261193c.1160: supR3HardenedDllNotificationCallback: load 00007ff916930000 LB 0x002c7000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2262193c.1160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2263193c.1160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916930000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2264193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2265193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c5c pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2266193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
2267193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
2268193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F30E80B88384D221750DC79ADCE84BDFB8A5A73A
2269193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2270193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2271193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
2272193c.3628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2273193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2274193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2275193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'oleaut32.dll'.
2276193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'ws2_32.dll'.
2277193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'netsetupapi.dll'.
2278193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'setupapi.dll'.
2279193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
2280193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2281193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2282193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2283193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2284193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2285193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2286193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
2287193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
2288193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
2289193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2290193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
2291193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
2292193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2293193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2294193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
2295193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2296193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2297193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2298193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2299193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2300193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2301193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2302193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2303193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2304193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
2305193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
2306193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
2307193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2308193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2309193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2310193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2311193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2312193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2313193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2314193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2315193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2316193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
2317193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2318193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2319193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2320193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2321193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2322193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2323193c.3628: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
2324193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2325193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2326193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
2327193c.3628: supR3HardenedDllNotificationCallback: load 00007ff941eb0000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
2328193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
2329193c.3628: supR3HardenedDllNotificationCallback: load 00007ff94d8e0000 LB 0x0044e000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
2330193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2331193c.3628: supR3HardenedDllNotificationCallback: load 00007ff941da0000 LB 0x0007d000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
2332193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2333193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff941da0000 'C:\Windows\System32\NetSetupShim.dll'
2334193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2335193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2336193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2337193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2338193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
2339193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winnsi.dll'.
2340193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
2341193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
2342193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2343193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2344193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2345193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2346193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2347193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2348193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2349193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2350193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2351193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2352193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2353193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2354193c.3628: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
2355193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
2356193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2357193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2358193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2359193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2360193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2361193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
2362193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2363193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2364193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2365193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2366193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2367193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
2368193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2369193c.3628: supR3HardenedDllNotificationCallback: load 00007ff94c270000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2370193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
2371193c.3628: supR3HardenedDllNotificationCallback: load 00007ff9475e0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2372193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2373193c.3628: supR3HardenedDllNotificationCallback: load 00007ff92f7d0000 LB 0x000c1000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
2374193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
2375193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f7d0000 'C:\Windows\System32\NetSetupEngine.dll'
2376193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2377193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2378193c.3628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
2379193c.5c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2380193c.5c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2381193c.5c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2382193c.5c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2383193c.5c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2384193c.5c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2385193c.5c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2386193c.5c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2387193c.5c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2388193c.5c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2389193c.5c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2390193c.5c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2391193c.5c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2392193c.5c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2393193c.5c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2394193c.5c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2395193c.5c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2396193c.5c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2397193c.5c8: supR3HardenedDllNotificationCallback: load 00007ff949640000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2398193c.5c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2399193c.5c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff949640000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2400193c.5c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94cca0000 'C:\WINDOWS\system32\User32.dll'
2401193c.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2402193c.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2403193c.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2404193c.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2405193c.17c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2406193c.17c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2407193c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2408193c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2409193c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2410193c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2411193c.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2412193c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2413193c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2414193c.17c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2415193c.17c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2416193c.17c0: supR3HardenedDllNotificationCallback: load 00007ff949620000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2417193c.17c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2418193c.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff949620000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2419193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2420193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2421193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2422193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2423193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
2424193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
2425193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2426193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
2427193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
2428193c.2a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
2429193c.2a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2430193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2431193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2432193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2433193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2434193c.2a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2435193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2436193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2437193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
2438193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
2439193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2440193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2441193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2442193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2443193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2444193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2445193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2446193c.2a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
2447193c.2a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2448193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2449193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2450193c.2a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2451193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2452193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2453193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2454193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2455193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2456193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2457193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2458193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2459193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2460193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2461193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2462193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2463193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2464193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2465193c.2a80: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'.
2466193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2467193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2468193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
2469193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2470193c.2a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)
2471193c.2a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2472193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2473193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2474193c.2a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2475193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2476193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2477193c.2a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2478193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2479193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2480193c.2a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2481193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2482193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2483193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2484193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2485193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2486193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2487193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2488193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
2489193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2490193c.2a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
2491193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2492193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2493193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2494193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2495193c.2a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2496193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2497193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2498193c.2a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2499193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2500193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2501193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2502193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2503193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2504193c.2a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2505193c.2a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
2506193c.2a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2507193c.2a80: supR3HardenedDllNotificationCallback: load 00007ff93ffa0000 LB 0x0002f000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
2508193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
2509193c.2a80: supR3HardenedDllNotificationCallback: load 00007ff93ff70000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
2510193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2511193c.2a80: supR3HardenedDllNotificationCallback: load 00007ff91b670000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
2512193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2513193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91b670000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
2514193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2515193c.2a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'
2516193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2517193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2518193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93ff70000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
2519193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2520193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2521193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2522193c.2a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
2523193c.2a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2524193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2525193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2526193c.2a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2527193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2528193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2529193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2530193c.2a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2531193c.2a80: supR3HardenedDllNotificationCallback: load 00007ff947330000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
2532193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2533193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947330000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
2534193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2535193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2536193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f040000 'C:\WINDOWS\system32/opengl32.dll'
2537193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2538193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2539193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f040000 'C:\WINDOWS\System32\OPENGL32.dll'
2540193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94d1a0000 'C:\WINDOWS\System32\gdi32.dll'
2541193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94d1a0000 'C:\WINDOWS\System32\gdi32.dll'
2542193c.2a80: \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\ig9icd64.dll: Owner is administrators group.
2543193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2544193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2545193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shell32.dll'.
2546193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'opengl32.dll'.
2547193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2548193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2549193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2550193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wtsapi32.dll'.
2551193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'dxgi.dll'.
2552193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
2553193c.2a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\ig9icd64.dll) WinVerifyTrust
2554193c.2a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\ig9icd64.dll
2555193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
2556193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
2557193c.2a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2558193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2559193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2560193c.2a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [redoing WinVerifyTrust]
2561193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2562193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2563193c.2a80: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
2564193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
2565193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
2566193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2567193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2568193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2569193c.2a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust
2570193c.2a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2571193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2572193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2573193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2574193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2575193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2576193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2577193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2578193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2579193c.2a80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2580193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2581193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2582193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2583193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2584193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\ig9icd64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2585193c.2a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\ig9icd64.dll
2586193c.2a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2587193c.2a80: supR3HardenedDllNotificationCallback: load 00007ff949950000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
2588193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2589193c.2a80: supR3HardenedDllNotificationCallback: load 00007ff905790000 LB 0x00ed9000 C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\ig9icd64.dll [fFlags=0x0]
2590193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\ig9icd64.dll
2591193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
2592193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2593193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-synch-l1-2-0'
2594193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
2595193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2596193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-fibers-l1-1-1'
2597193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
2598193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2599193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-synch-l1-2-0'
2600193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
2601193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2602193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-fibers-l1-1-1'
2603193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
2604193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2605193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-localization-l1-2-1'
2606193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2607193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2608193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c810000 'C:\WINDOWS\System32\kernel32.dll'
2609193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
2610193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2611193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-string-l1-1-0'
2612193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
2613193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2614193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-datetime-l1-1-1'
2615193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
2616193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2617193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-localization-obsolete-l1-2-0'
2618193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff905790000 'C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\ig9icd64.dll'
2619193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94d1a0000 'C:\WINDOWS\System32\gdi32.dll'
2620193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-core-resourcepolicy-l1-1-0.dll) -> 0x0, fPresent=1
2621193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-core-resourcepolicy-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2622193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2623193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
2624193c.2a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll)
2625193c.2a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll
2626193c.2a80: supR3HardenedDllNotificationCallback: load 00007ff949920000 LB 0x00022000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
2627193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
2628193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff949920000 'ext-ms-win-core-resourcepolicy-l1-1-0.dll'
2629193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2630193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2631193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2632193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2633193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2634193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2635193c.2a80: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll'
2636193c.2a80: supR3HardenedDllNotificationCallback: Unload 00007ff949920000 LB 0x00022000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [flags=0x0]
2637193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94d1a0000 'C:\WINDOWS\System32\gdi32.dll'
2638193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94d1a0000 'C:\WINDOWS\System32\gdi32.dll'
2639193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2640193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2641193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f040000 'C:\WINDOWS\System32\OPENGL32.dll'
2642193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f040000 'C:\WINDOWS\System32\OPENGL32.dll'
2643193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f040000 'C:\WINDOWS\System32\OPENGL32.dll'
2644193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f040000 'C:\WINDOWS\System32\OPENGL32.dll'
2645193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f040000 'C:\WINDOWS\System32\OPENGL32.dll'
2646193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f040000 'C:\WINDOWS\System32\OPENGL32.dll'
2647193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f040000 'C:\WINDOWS\System32\OPENGL32.dll'
2648193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2649193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2650193c.2a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2651193c.2a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
2652193c.2a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
2653193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2654193c.2a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2655193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2656193c.2a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2657193c.2a80: supR3HardenedDllNotificationCallback: load 00007ff93b750000 LB 0x0000a000 C:\WINDOWS\System32\version.dll [fFlags=0x0]
2658193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2659193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93b750000 'C:\WINDOWS\System32\version.dll'
2660193c.2a80: supR3HardenedDllNotificationCallback: Unload 00007ff93b750000 LB 0x0000a000 C:\WINDOWS\System32\version.dll [flags=0x0]
2661193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94d1a0000 'C:\WINDOWS\System32\gdi32.dll'
2662193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94d1a0000 'C:\WINDOWS\System32\gdi32.dll'
2663193c.2a80: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files\Oracle\VirtualBox\igc64.dll': 0 (NtPath=\??\C:\Program Files\Oracle\VirtualBox\igc64.dll; Input=C:\Program Files\Oracle\VirtualBox\igc64.dll; rcNtGetDll=0x0
2664193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Program Files\Oracle\VirtualBox\igc64.dll'
2665193c.2a80: \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\igc64.dll: Owner is administrators group.
2666193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2667193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2668193c.2a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\igc64.dll) WinVerifyTrust
2669193c.2a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\igc64.dll
2670193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2671193c.2a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\igc64.dll
2672193c.2a80: supR3HardenedDllNotificationCallback: load 00007ff9425a0000 LB 0x01602000 C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\igc64.dll [fFlags=0x0]
2673193c.2a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\igc64.dll
2674193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
2675193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2676193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-synch-l1-2-0'
2677193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
2678193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2679193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-fibers-l1-1-1'
2680193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
2681193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2682193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-synch-l1-2-0'
2683193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
2684193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2685193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-fibers-l1-1-1'
2686193c.2a80: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
2687193c.2a80: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2688193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94bac0000 'api-ms-win-core-localization-l1-2-1'
2689193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9425a0000 'C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\igc64.dll'
2690193c.2a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f040000 'C:\WINDOWS\System32\OPENGL32.dll'
2691193c.36c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\ig9icd64.dll
2692193c.36c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\ig9icd64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2693193c.36c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff905790000 'C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f507e86e308a4c50\ig9icd64.dll'
2694193c.35e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2695193c.35e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2696193c.35e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2697193c.35e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2698193c.35e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2699193c.35e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2700193c.35e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2701193c.35e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2702193c.35e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2703193c.35e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2704193c.35e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2705193c.35e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2706193c.35e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2707193c.35e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2708193c.35e8: supR3HardenedDllNotificationCallback: load 00007ff9471e0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2709193c.35e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2710193c.35e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9471e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2711193c.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2712193c.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2713193c.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2714193c.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2715193c.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2716193c.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2717193c.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2718193c.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2719193c.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2720193c.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2721193c.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2722193c.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2723193c.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2724193c.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2725193c.60c: supR3HardenedDllNotificationCallback: load 00007ff946750000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2726193c.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2727193c.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff946750000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2728193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94dd30000 'C:\WINDOWS\system32\Shell32.dll'
2729193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2730193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2731193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916930000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2732193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2733193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2734193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2735193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2736193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2737193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2738193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2739193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2740193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2741193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2742193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2743193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2744193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2745193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2746193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2747193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2748193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2749193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2750193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2751193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2752193c.3628: supR3HardenedDllNotificationCallback: load 00007ff92f780000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2753193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2754193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f780000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2755193c.3628: supR3HardenedDllNotificationCallback: Unload 00007ff92f780000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2756193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2757193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2758193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2759193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2760193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2761193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2762193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2763193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2764193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2765193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2766193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2767193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2768193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2769193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2770193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2771193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2772193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL [redoing WinVerifyTrust]
2773193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2774193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2775193c.3628: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2776193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2777193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2778193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2779193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2780193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2781193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2782193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2783193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2784193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2785193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2786193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2787193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2788193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2789193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2790193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2791193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2792193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2793193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2794193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2795193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2796193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2797193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2798193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2799193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2800193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2801193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2802193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2803193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2804193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2805193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2806193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2807193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2808193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2809193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2810193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2811193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2812193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2813193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2814193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2815193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2816193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2817193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2818193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2819193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2820193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2821193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2822193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2823193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2824193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2825193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2826193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2827193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2828193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2829193c.3628: supR3HardenedDllNotificationCallback: load 00007ff9404d0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2830193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2831193c.3628: supR3HardenedDllNotificationCallback: load 00007ff92f390000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2832193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2833193c.3628: supR3HardenedDllNotificationCallback: load 00007ff901b60000 LB 0x009bf000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2834193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2835193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff901b60000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2836193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2837193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2838193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2839193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2840193c.3628: supR3HardenedDllNotificationCallback: load 00007ff92f780000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2841193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2842193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f780000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2843193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2844193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2845193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2846193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff906670000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2847193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2848193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2849193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2850193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f390000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2851193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2852193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2853193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2854193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2855193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2856193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2857193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2858193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2859193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2860193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2861193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2862193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2863193c.3628: supR3HardenedDllNotificationCallback: load 00007ff946440000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2864193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2865193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff946440000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2866193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2867193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2868193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2869193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2870193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2871193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2872193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2873193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2874193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2875193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2876193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2877193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2878193c.3628: supR3HardenedDllNotificationCallback: load 00007ff93dbf0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2879193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2880193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93dbf0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2881193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2882193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2883193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2884193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2885193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2886193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2887193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2888193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2889193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2890193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2891193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2892193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2893193c.3628: supR3HardenedDllNotificationCallback: load 00007ff93d800000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2894193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2895193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93d800000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2896193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2897193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2898193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2899193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2900193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2901193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2902193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2903193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2904193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2905193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2906193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2907193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2908193c.3628: supR3HardenedDllNotificationCallback: load 00007ff93ca80000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2909193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2910193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93ca80000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
2911193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2912193c.34ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2913193c.34ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2914193c.34ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2915193c.34ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2916193c.34ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2917193c.34ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2918193c.34ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2919193c.34ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2920193c.34ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2921193c.34ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2922193c.34ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2923193c.34ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2924193c.34ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2925193c.34ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2926193c.34ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2927193c.34ac: supR3HardenedDllNotificationCallback: load 00007ff9463b0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2928193c.34ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2929193c.34ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9463b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2930193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2931193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2932193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2933193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2934193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2935193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2936193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2937193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
2938193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2939193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2940193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2941193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2942193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2943193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2944193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2945193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2946193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2947193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2948193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2949193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2950193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2951193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2952193c.3628: supR3HardenedDllNotificationCallback: load 00007ff916c00000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
2953193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2954193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916c00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
2955193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2956193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2957193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2958193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2959193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'devobj.dll'.
2960193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'propsys.dll'.
2961193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2962193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2963193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2964193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2965193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2966193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2967193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2968193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
2969193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
2970193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
2971193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2972193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2973193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2974193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2975193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2976193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2977193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2978193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2979193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2980193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2981193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2982193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'cfgmgr32.dll'.
2983193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
2984193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
2985193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2986193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2987193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2988193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2989193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2990193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2991193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
2992193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
2993193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
2994193c.3628: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
2995193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2996193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2997193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
2998193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2999193c.3628: supR3HardenedDllNotificationCallback: load 00007ff94ae30000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
3000193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
3001193c.3628: supR3HardenedDllNotificationCallback: load 00007ff9447a0000 LB 0x001b1000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
3002193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
3003193c.3628: supR3HardenedDllNotificationCallback: load 00007ff944620000 LB 0x0006f000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
3004193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3005193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff944620000 'C:\WINDOWS\System32\MMDevApi.dll'
3006193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000100c pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
3007193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
3008193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
3009193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=149E0A5A40CD1471B9EF3D3043A8C754805FEC76
3010193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
3011193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3012193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
3013193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
3014193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
3015193c.3628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3016193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3017193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
3018193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
3019193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
3020193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3021193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3022193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3023193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3024193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3025193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3026193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3027193c.3628: supR3HardenedDllNotificationCallback: load 00007ff92a610000 LB 0x0008f000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
3028193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3029193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3030193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3031193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\System32\dsound.dll'
3032193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\System32\dsound.dll'
3033193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3034193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3035193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3036193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3037193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3038193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff944620000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
3039193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3040193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3041193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3042193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010a8 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3043193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
3044193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
3045193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47392EB8EC6AC07C788B971D8BB592B6FD619920
3046193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
3047193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
3048193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
3049193c.3628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3050193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3051193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
3052193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
3053193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
3054193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
3055193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3056193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3057193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3058193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
3059193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
3060193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
3061193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
3062193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3063193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3064193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
3065193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
3066193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3067193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
3068193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3069193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3070193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3071193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3072193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3073193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3074193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3075193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3076193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3077193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3078193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3079193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3080193c.3628: supR3HardenedDllNotificationCallback: load 00007ff9473f0000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
3081193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3082193c.3628: supR3HardenedDllNotificationCallback: load 00007ff946f70000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
3083193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3084193c.3628: supR3HardenedDllNotificationCallback: load 00007ff92f3f0000 LB 0x00042000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
3085193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3086193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f3f0000 'C:\WINDOWS\System32\wdmaud.drv'
3087193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3088193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3089193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f3f0000 'C:\WINDOWS\System32\wdmaud.drv'
3090193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3091193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3092193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f3f0000 'C:\WINDOWS\System32\wdmaud.drv'
3093193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3094193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3095193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f3f0000 'C:\WINDOWS\System32\wdmaud.drv'
3096193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3097193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3098193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f3f0000 'C:\WINDOWS\System32\wdmaud.drv'
3099193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
3100193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
3101193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3102193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
3103193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
3104193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
3105193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
3106193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
3107193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3108193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3109193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3110193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3111193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3112193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3113193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3114193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3115193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3116193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3117193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3118193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3119193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3120193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
3121193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3122193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3123193c.3628: supR3HardenedDllNotificationCallback: load 00007ff93c720000 LB 0x00122000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
3124193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3125193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93c720000 'C:\WINDOWS\System32\AUDIOSES.DLL'
3126193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3127193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3128193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f3f0000 'C:\WINDOWS\System32\wdmaud.drv'
3129193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3130193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3131193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f3f0000 'C:\WINDOWS\System32\wdmaud.drv'
3132193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92f3f0000 'C:\WINDOWS\System32\wdmaud.drv'
3133193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000da8 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
3134193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
3135193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
3136193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8069FA07F8A743E03BD7E2DA392DE4429701D8E6
3137193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
3138193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
3139193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
3140193c.3628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3141193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3142193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
3143193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
3144193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
3145193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
3146193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3147193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
3148193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
3149193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
3150193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
3151193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
3152193c.3628: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
3153193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3154193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3155193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
3156193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
3157193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3158193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
3159193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3160193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3161193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3162193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3163193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3164193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3165193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3166193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3167193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3168193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3169193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3170193c.3628: supR3HardenedDllNotificationCallback: load 00007ff93d940000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
3171193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3172193c.3628: supR3HardenedDllNotificationCallback: load 00007ff945280000 LB 0x0000c000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
3173193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3174193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff945280000 'C:\WINDOWS\System32\msacm32.drv'
3175193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3176193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3177193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff945280000 'C:\WINDOWS\System32\msacm32.drv'
3178193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3179193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3180193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff945280000 'C:\WINDOWS\System32\msacm32.drv'
3181193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3182193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3183193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff945280000 'C:\WINDOWS\System32\msacm32.drv'
3184193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3185193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3186193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff945280000 'C:\WINDOWS\System32\msacm32.drv'
3187193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3188193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3189193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff945280000 'C:\WINDOWS\System32\msacm32.drv'
3190193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3191193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3192193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff945280000 'C:\WINDOWS\System32\msacm32.drv'
3193193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff945280000 'C:\WINDOWS\System32\msacm32.drv'
3194193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff945280000 'C:\WINDOWS\System32\msacm32.drv'
3195193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff945280000 'C:\WINDOWS\System32\msacm32.drv'
3196193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001160 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
3197193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000032ea9a0
3198193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000032ea9a0
3199193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=725292B88FCE45C617EE0258A333B14CA2D7EF04
3200193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
3201193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
3202193c.3628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
3203193c.3628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3204193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3205193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
3206193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
3207193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
3208193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3209193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3210193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3211193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3212193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3213193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3214193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3215193c.3628: supR3HardenedDllNotificationCallback: load 00007ff9412a0000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
3216193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3217193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9412a0000 'C:\WINDOWS\System32\midimap.dll'
3218193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3219193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3220193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9412a0000 'C:\WINDOWS\System32\midimap.dll'
3221193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3222193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3223193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9412a0000 'C:\WINDOWS\System32\midimap.dll'
3224193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3225193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3226193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9412a0000 'C:\WINDOWS\System32\midimap.dll'
3227193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3228193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3229193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3230193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3231193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3232193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3233193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3234193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3235193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3236193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3237193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916930000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3238193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
3239193c.2b54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3240193c.2b54: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3241193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3242193c.2b54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3243193c.2b54: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3244193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3245193c.2b54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3246193c.2b54: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3247193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3248193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3249193c.2b54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3250193c.2b54: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3251193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3252193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3253193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3254193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3255193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3256193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3257193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3258193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3259193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3260193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3261193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3262193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3263193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3264193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3265193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3266193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3267193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3268193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3269193c.2b54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3270193c.2b54: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3271193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3272193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3273193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3274193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3275193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3276193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3277193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3278193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3279193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3280193c.2b54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3281193c.2b54: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3282193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3283193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3284193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3285193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3286193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3287193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3288193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3289193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3290193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3291193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3292193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3293193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3294193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3295193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3296193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3297193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3298193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3299193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3300193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3301193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3302193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3303193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3304193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3305193c.2b54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3306193c.2b54: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3307193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3308193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3309193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3310193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3311193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3312193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3313193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
3314193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94ba60000 'C:\Windows\System32\WINTRUST.DLL'
3315193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\CRYPT32.dll'
3316193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
3317193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93a160000 'C:\Windows\System32\cryptnet.dll'
3318193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3319193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
3320193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'combase.dll'.
3321193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shcore.dll'.
3322193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
3323193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'textinputframework.dll'.
3324193c.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'user32.dll'.
3325193c.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\Windows.UI.dll) WinVerifyTrust
3326193c.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll
3327193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3328193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3329193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
3330193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume2\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
3331193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
3332193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3333193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3334193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
3335193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a4c0000 'C:\WINDOWS\system32\rsaenh.dll'
3336193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\crypt32.dll'
3337193c.3628: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll'
3338193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
3339193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
3340193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
3341193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3342193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3343193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
3344193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3345193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3346193c.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
3347193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3348193c.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3349193c.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3350193c.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll
3351193c.3628: supR3HardenedDllNotificationCallback: load 00007ff946460000 LB 0x00107000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
3352193c.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll
3353193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff946460000 'C:\Windows\System32\Windows.UI.dll'
3354193c.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3355193c.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3356193c.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff946f70000 'C:\WINDOWS\System32\avrt.dll'
3357193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3358193c.2b54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3359193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3360193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3361193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a610000 'C:\WINDOWS\system32\dsound.dll'
3362193c.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9492f0000 'C:\WINDOWS\System32\winmm.dll'
3363193c.2c04: supR3HardenedDllNotificationCallback: Unload 00007ff946460000 LB 0x00107000 C:\Windows\System32\Windows.UI.dll [flags=0x0]

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy