VirtualBox

Ticket #17541: VBoxHardening.log

File VBoxHardening.log, 359.7 KB (added by PeterG, 7 years ago)
Line 
1207c.1288: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03fab00
2207c.1288: \SystemRoot\System32\ntdll.dll:
3207c.1288: CreationTime: 2018-01-09T08:11:14.548791100Z
4207c.1288: LastWriteTime: 2018-01-01T12:48:26.082566200Z
5207c.1288: ChangeTime: 2018-01-09T16:31:35.006184400Z
6207c.1288: FileAttributes: 0x20
7207c.1288: Size: 0x1dd100
8207c.1288: NT Headers: 0xe0
9207c.1288: Timestamp: 0x6dead514
10207c.1288: Machine: 0x8664 - amd64
11207c.1288: Timestamp: 0x6dead514
12207c.1288: Image Version: 10.0
13207c.1288: SizeOfImage: 0x1e0000 (1966080)
14207c.1288: Resource Dir: 0x174000 LB 0x6a1d8
15207c.1288: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16207c.1288: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17207c.1288: ProductName: Microsoft® Windows® Operating System
18207c.1288: ProductVersion: 10.0.16299.192
19207c.1288: FileVersion: 10.0.16299.192 (WinBuild.160101.0800)
20207c.1288: FileDescription: NT Layer DLL
21207c.1288: \SystemRoot\System32\kernel32.dll:
22207c.1288: CreationTime: 2017-09-29T13:42:04.954227600Z
23207c.1288: LastWriteTime: 2017-09-29T13:42:04.954227600Z
24207c.1288: ChangeTime: 2017-12-10T16:06:18.634840500Z
25207c.1288: FileAttributes: 0x20
26207c.1288: Size: 0xab868
27207c.1288: NT Headers: 0xe8
28207c.1288: Timestamp: 0xc2cf900
29207c.1288: Machine: 0x8664 - amd64
30207c.1288: Timestamp: 0xc2cf900
31207c.1288: Image Version: 10.0
32207c.1288: SizeOfImage: 0xae000 (712704)
33207c.1288: Resource Dir: 0xac000 LB 0x520
34207c.1288: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35207c.1288: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36207c.1288: ProductName: Microsoft® Windows® Operating System
37207c.1288: ProductVersion: 10.0.16299.15
38207c.1288: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
39207c.1288: FileDescription: Windows NT BASE API Client DLL
40207c.1288: \SystemRoot\System32\KernelBase.dll:
41207c.1288: CreationTime: 2017-09-29T13:41:43.124345500Z
42207c.1288: LastWriteTime: 2017-09-29T13:41:43.124345500Z
43207c.1288: ChangeTime: 2017-12-10T16:06:18.650465000Z
44207c.1288: FileAttributes: 0x20
45207c.1288: Size: 0x266000
46207c.1288: NT Headers: 0xf0
47207c.1288: Timestamp: 0x4736733c
48207c.1288: Machine: 0x8664 - amd64
49207c.1288: Timestamp: 0x4736733c
50207c.1288: Image Version: 10.0
51207c.1288: SizeOfImage: 0x266000 (2514944)
52207c.1288: Resource Dir: 0x245000 LB 0x548
53207c.1288: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54207c.1288: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55207c.1288: ProductName: Microsoft® Windows® Operating System
56207c.1288: ProductVersion: 10.0.16299.15
57207c.1288: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
58207c.1288: FileDescription: Windows NT BASE API Client DLL
59207c.1288: \SystemRoot\System32\apisetschema.dll:
60207c.1288: CreationTime: 2017-09-29T13:42:07.095026600Z
61207c.1288: LastWriteTime: 2017-09-29T13:42:07.095026600Z
62207c.1288: ChangeTime: 2018-01-09T08:12:25.641482000Z
63207c.1288: FileAttributes: 0x20
64207c.1288: Size: 0x1b398
65207c.1288: NT Headers: 0xc8
66207c.1288: Timestamp: 0xf30abf31
67207c.1288: Machine: 0x8664 - amd64
68207c.1288: Timestamp: 0xf30abf31
69207c.1288: Image Version: 10.0
70207c.1288: SizeOfImage: 0x1c000 (114688)
71207c.1288: Resource Dir: 0x1b000 LB 0x408
72207c.1288: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73207c.1288: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74207c.1288: ProductName: Microsoft® Windows® Operating System
75207c.1288: ProductVersion: 10.0.16299.15
76207c.1288: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
77207c.1288: FileDescription: ApiSet Schema DLL
78207c.1288: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79207c.1288: supR3HardenedWinFindAdversaries: 0x0
80207c.1288: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
81207c.1288: Calling main()
82207c.1288: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
83207c.1288: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
84207c.1288: SUPR3HardenedMain: Respawn #1
85207c.1288: System32: \Device\HarddiskVolume2\Windows\System32
86207c.1288: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
87207c.1288: KnownDllPath: C:\WINDOWS\System32
88207c.1288: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
89207c.1288: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
90207c.1288: supR3HardNtEnableThreadCreation:
91207c.1288: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8201491d0 pvNtTerminateThread=00007ff8201708c0
92207c.1288: supR3HardenedWinDoReSpawn(1): New child 3208.25ac [kernel32].
93207c.1288: supR3HardNtChildGatherData: PebBaseAddress=0000000000573000 cbPeb=0x388
94207c.1288: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8200d0000 uNtDllChildAddr=00007ff8200d0000
95207c.1288: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8201491d0
96207c.1288: supR3HardenedWinSetupChildInit: Start child.
97207c.1288: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
98207c.1288: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 32 sleeps
99207c.1288: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
100207c.1288: *0000000000000000-000000000036ffff 0x0001/0x0000 0x0000000
101207c.1288: *0000000000370000-000000000038ffff 0x0004/0x0004 0x0020000
102207c.1288: *0000000000390000-00000000003a8fff 0x0002/0x0002 0x0040000
103207c.1288: 00000000003a9000-00000000003affff 0x0001/0x0000 0x0000000
104207c.1288: *00000000003b0000-00000000003b3fff 0x0002/0x0002 0x0040000
105207c.1288: 00000000003b4000-00000000003bffff 0x0001/0x0000 0x0000000
106207c.1288: *00000000003c0000-00000000003c0fff 0x0004/0x0004 0x0020000
107207c.1288: 00000000003c1000-00000000003fffff 0x0001/0x0000 0x0000000
108207c.1288: *0000000000400000-0000000000572fff 0x0000/0x0004 0x0020000
109207c.1288: 0000000000573000-0000000000575fff 0x0004/0x0004 0x0020000
110207c.1288: 0000000000576000-00000000005fffff 0x0000/0x0004 0x0020000
111207c.1288: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
112207c.1288: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
113207c.1288: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
114207c.1288: 0000000000700000-000000007ffdffff 0x0001/0x0000 0x0000000
115207c.1288: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
116207c.1288: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
117207c.1288: 000000007fff0000-00007ff7b80fffff 0x0001/0x0000 0x0000000
118207c.1288: *00007ff7b8100000-00007ff7b8122fff 0x0002/0x0002 0x0040000
119207c.1288: 00007ff7b8123000-00007ff7b81dffff 0x0001/0x0000 0x0000000
120207c.1288: *00007ff7b81e0000-00007ff7b81e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
121207c.1288: 00007ff7b81e1000-00007ff7b8251fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
122207c.1288: 00007ff7b8252000-00007ff7b8252fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
123207c.1288: 00007ff7b8253000-00007ff7b8298fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
124207c.1288: 00007ff7b8299000-00007ff7b8299fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
125207c.1288: 00007ff7b829a000-00007ff7b829afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
126207c.1288: 00007ff7b829b000-00007ff7b829ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
127207c.1288: 00007ff7b82a0000-00007ff7b82a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
128207c.1288: 00007ff7b82a1000-00007ff7b82a1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
129207c.1288: 00007ff7b82a2000-00007ff7b82a5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
130207c.1288: 00007ff7b82a6000-00007ff7b82edfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131207c.1288: 00007ff7b82ee000-00007ff8200cffff 0x0001/0x0000 0x0000000
132207c.1288: *00007ff8200d0000-00007ff8200d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
133207c.1288: 00007ff8200d1000-00007ff8201e2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
134207c.1288: 00007ff8201e3000-00007ff820228fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
135207c.1288: 00007ff820229000-00007ff820230fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
136207c.1288: 00007ff820231000-00007ff82023efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
137207c.1288: 00007ff82023f000-00007ff82023ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
138207c.1288: 00007ff820240000-00007ff820242fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
139207c.1288: 00007ff820243000-00007ff8202affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
140207c.1288: 00007ff8202b0000-00007ffffffdffff 0x0001/0x0000 0x0000000
141207c.1288: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
142207c.1288: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
143207c.1288: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
144207c.1288: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
145207c.1288: supR3HardNtChildPurify: Done after 291 ms and 0 fixes (loop #0).
1463208.25ac: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
1473208.25ac: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8200d0000 g_uNtVerCombined=0xa03fab00
1483208.25ac: ntdll.dll: timestamp 0x6dead514 (rc=VINF_SUCCESS)
1493208.25ac: New simple heap: #1 0000000000800000 LB 0x400000 (for 1966080 allocation)
150207c.1288: supR3HardNtEnableThreadCreation:
1513208.25ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1523208.25ac: System32: \Device\HarddiskVolume2\Windows\System32
1533208.25ac: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
1543208.25ac: KnownDllPath: C:\WINDOWS\System32
1553208.25ac: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1563208.25ac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1573208.25ac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1583208.25ac: Registered Dll notification callback with NTDLL.
1593208.25ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1603208.25ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1613208.25ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1623208.25ac: supR3HardenedDllNotificationCallback: load 00007ff81d0a0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
1633208.25ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1643208.25ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1653208.25ac: supR3HardenedDllNotificationCallback: load 00007ff81f590000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
1663208.25ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1673208.25ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f590000 'C:\WINDOWS\System32\KERNEL32.DLL'
1683208.25ac: supR3HardenedDllNotificationCallback: load 00007ff7b81e0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1693208.25ac: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1703208.25ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1713208.25ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1723208.25ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8201491d0 pvNtTerminateThread=00007ff8201708c0
173207c.1288: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 64 ms.
1743208.25ac: \SystemRoot\System32\ntdll.dll:
1753208.25ac: CreationTime: 2018-01-09T08:11:14.548791100Z
1763208.25ac: LastWriteTime: 2018-01-01T12:48:26.082566200Z
1773208.25ac: ChangeTime: 2018-01-09T16:31:35.006184400Z
1783208.25ac: FileAttributes: 0x20
1793208.25ac: Size: 0x1dd100
1803208.25ac: NT Headers: 0xe0
1813208.25ac: Timestamp: 0x6dead514
1823208.25ac: Machine: 0x8664 - amd64
1833208.25ac: Timestamp: 0x6dead514
1843208.25ac: Image Version: 10.0
1853208.25ac: SizeOfImage: 0x1e0000 (1966080)
1863208.25ac: Resource Dir: 0x174000 LB 0x6a1d8
1873208.25ac: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1883208.25ac: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1893208.25ac: ProductName: Microsoft® Windows® Operating System
1903208.25ac: ProductVersion: 10.0.16299.192
1913208.25ac: FileVersion: 10.0.16299.192 (WinBuild.160101.0800)
1923208.25ac: FileDescription: NT Layer DLL
1933208.25ac: \SystemRoot\System32\kernel32.dll:
1943208.25ac: CreationTime: 2017-09-29T13:42:04.954227600Z
1953208.25ac: LastWriteTime: 2017-09-29T13:42:04.954227600Z
1963208.25ac: ChangeTime: 2017-12-10T16:06:18.634840500Z
1973208.25ac: FileAttributes: 0x20
1983208.25ac: Size: 0xab868
1993208.25ac: NT Headers: 0xe8
2003208.25ac: Timestamp: 0xc2cf900
2013208.25ac: Machine: 0x8664 - amd64
2023208.25ac: Timestamp: 0xc2cf900
2033208.25ac: Image Version: 10.0
2043208.25ac: SizeOfImage: 0xae000 (712704)
2053208.25ac: Resource Dir: 0xac000 LB 0x520
2063208.25ac: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2073208.25ac: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2083208.25ac: ProductName: Microsoft® Windows® Operating System
2093208.25ac: ProductVersion: 10.0.16299.15
2103208.25ac: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
2113208.25ac: FileDescription: Windows NT BASE API Client DLL
2123208.25ac: \SystemRoot\System32\KernelBase.dll:
2133208.25ac: CreationTime: 2017-09-29T13:41:43.124345500Z
2143208.25ac: LastWriteTime: 2017-09-29T13:41:43.124345500Z
2153208.25ac: ChangeTime: 2017-12-10T16:06:18.650465000Z
2163208.25ac: FileAttributes: 0x20
2173208.25ac: Size: 0x266000
2183208.25ac: NT Headers: 0xf0
2193208.25ac: Timestamp: 0x4736733c
2203208.25ac: Machine: 0x8664 - amd64
2213208.25ac: Timestamp: 0x4736733c
2223208.25ac: Image Version: 10.0
2233208.25ac: SizeOfImage: 0x266000 (2514944)
2243208.25ac: Resource Dir: 0x245000 LB 0x548
2253208.25ac: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2263208.25ac: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2273208.25ac: ProductName: Microsoft® Windows® Operating System
2283208.25ac: ProductVersion: 10.0.16299.15
2293208.25ac: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
2303208.25ac: FileDescription: Windows NT BASE API Client DLL
2313208.25ac: \SystemRoot\System32\apisetschema.dll:
2323208.25ac: CreationTime: 2017-09-29T13:42:07.095026600Z
2333208.25ac: LastWriteTime: 2017-09-29T13:42:07.095026600Z
2343208.25ac: ChangeTime: 2018-01-09T08:12:25.641482000Z
2353208.25ac: FileAttributes: 0x20
2363208.25ac: Size: 0x1b398
2373208.25ac: NT Headers: 0xc8
2383208.25ac: Timestamp: 0xf30abf31
2393208.25ac: Machine: 0x8664 - amd64
2403208.25ac: Timestamp: 0xf30abf31
2413208.25ac: Image Version: 10.0
2423208.25ac: SizeOfImage: 0x1c000 (114688)
2433208.25ac: Resource Dir: 0x1b000 LB 0x408
2443208.25ac: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2453208.25ac: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2463208.25ac: ProductName: Microsoft® Windows® Operating System
2473208.25ac: ProductVersion: 10.0.16299.15
2483208.25ac: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
2493208.25ac: FileDescription: ApiSet Schema DLL
2503208.25ac: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2513208.25ac: supR3HardenedWinFindAdversaries: 0x0
2523208.25ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2533208.25ac: Calling main()
2543208.25ac: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2553208.25ac: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2563208.25ac: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2573208.25ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2583208.25ac: SUPR3HardenedMain: Respawn #2
2593208.25ac: supR3HardNtEnableThreadCreation:
2603208.25ac: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2613208.25ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
2623208.25ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2633208.25ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2643208.25ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8200d0000 'C:\WINDOWS\System32\ntdll.dll'
2653208.25ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8201491d0 pvNtTerminateThread=00007ff8201708c0
2663208.25ac: supR3HardenedWinDoReSpawn(2): New child 2894.8ec [kernel32].
2673208.25ac: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2683208.25ac: supR3HardNtChildGatherData: PebBaseAddress=00000000004fb000 cbPeb=0x388
2693208.25ac: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8200d0000 uNtDllChildAddr=00007ff8200d0000
2703208.25ac: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8201491d0
2713208.25ac: supR3HardenedWinSetupChildInit: Start child.
2723208.25ac: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2733208.25ac: supR3HardNtChildPurify: Startup delay kludge #1/0: 257 ms, 31 sleeps
2743208.25ac: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2753208.25ac: *0000000000000000-000000000025ffff 0x0001/0x0000 0x0000000
2763208.25ac: *0000000000260000-000000000027ffff 0x0004/0x0004 0x0020000
2773208.25ac: *0000000000280000-0000000000298fff 0x0002/0x0002 0x0040000
2783208.25ac: 0000000000299000-000000000029ffff 0x0001/0x0000 0x0000000
2793208.25ac: *00000000002a0000-000000000039afff 0x0000/0x0004 0x0020000
2803208.25ac: 000000000039b000-000000000039dfff 0x0104/0x0004 0x0020000
2813208.25ac: 000000000039e000-000000000039ffff 0x0004/0x0004 0x0020000
2823208.25ac: *00000000003a0000-00000000003a3fff 0x0002/0x0002 0x0040000
2833208.25ac: 00000000003a4000-00000000003affff 0x0001/0x0000 0x0000000
2843208.25ac: *00000000003b0000-00000000003b0fff 0x0004/0x0004 0x0020000
2853208.25ac: 00000000003b1000-00000000003fffff 0x0001/0x0000 0x0000000
2863208.25ac: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
2873208.25ac: 00000000004fb000-00000000004fdfff 0x0004/0x0004 0x0020000
2883208.25ac: 00000000004fe000-00000000005fffff 0x0000/0x0004 0x0020000
2893208.25ac: 0000000000600000-000000007ffdffff 0x0001/0x0000 0x0000000
2903208.25ac: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2913208.25ac: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2923208.25ac: 000000007fff0000-00007ff7b71dffff 0x0001/0x0000 0x0000000
2933208.25ac: *00007ff7b71e0000-00007ff7b7202fff 0x0002/0x0002 0x0040000
2943208.25ac: 00007ff7b7203000-00007ff7b81dffff 0x0001/0x0000 0x0000000
2953208.25ac: *00007ff7b81e0000-00007ff7b81e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2963208.25ac: 00007ff7b81e1000-00007ff7b8251fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2973208.25ac: 00007ff7b8252000-00007ff7b8252fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2983208.25ac: 00007ff7b8253000-00007ff7b8298fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2993208.25ac: 00007ff7b8299000-00007ff7b8299fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3003208.25ac: 00007ff7b829a000-00007ff7b829afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3013208.25ac: 00007ff7b829b000-00007ff7b829ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3023208.25ac: 00007ff7b82a0000-00007ff7b82a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3033208.25ac: 00007ff7b82a1000-00007ff7b82a1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3043208.25ac: 00007ff7b82a2000-00007ff7b82a5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3053208.25ac: 00007ff7b82a6000-00007ff7b82edfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3063208.25ac: 00007ff7b82ee000-00007ff8200cffff 0x0001/0x0000 0x0000000
3073208.25ac: *00007ff8200d0000-00007ff8200d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3083208.25ac: 00007ff8200d1000-00007ff8201e2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3093208.25ac: 00007ff8201e3000-00007ff820228fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3103208.25ac: 00007ff820229000-00007ff820230fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3113208.25ac: 00007ff820231000-00007ff82023efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3123208.25ac: 00007ff82023f000-00007ff82023ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3133208.25ac: 00007ff820240000-00007ff820242fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3143208.25ac: 00007ff820243000-00007ff8202affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3153208.25ac: 00007ff8202b0000-00007ffffffdffff 0x0001/0x0000 0x0000000
3163208.25ac: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
3173208.25ac: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
3183208.25ac: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3193208.25ac: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3203208.25ac: supR3HardNtChildPurify: Done after 282 ms and 0 fixes (loop #0).
3212894.8ec: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
3222894.8ec: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8200d0000 g_uNtVerCombined=0xa03fab00
3233208.25ac: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
3243208.25ac: supR3HardNtEnableThreadCreation:
3252894.8ec: ntdll.dll: timestamp 0x6dead514 (rc=VINF_SUCCESS)
3262894.8ec: New simple heap: #1 0000000000700000 LB 0x400000 (for 1966080 allocation)
3272894.8ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3282894.8ec: System32: \Device\HarddiskVolume2\Windows\System32
3292894.8ec: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
3302894.8ec: KnownDllPath: C:\WINDOWS\System32
3312894.8ec: supR3HardenedVmProcessInit: Opening vboxdrv...
3322894.8ec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3332894.8ec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3342894.8ec: Registered Dll notification callback with NTDLL.
3352894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3362894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3372894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3382894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81d0a0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3392894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3402894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3412894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81f590000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3422894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3432894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f590000 'C:\WINDOWS\System32\KERNEL32.DLL'
3442894.8ec: supR3HardenedDllNotificationCallback: load 00007ff7b81e0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3452894.8ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3462894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3472894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3482894.8ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8201491d0 pvNtTerminateThread=00007ff8201708c0
3493208.25ac: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 72 ms.
3502894.8ec: \SystemRoot\System32\ntdll.dll:
3512894.8ec: CreationTime: 2018-01-09T08:11:14.548791100Z
3522894.8ec: LastWriteTime: 2018-01-01T12:48:26.082566200Z
3532894.8ec: ChangeTime: 2018-01-09T16:31:35.006184400Z
3542894.8ec: FileAttributes: 0x20
3552894.8ec: Size: 0x1dd100
3562894.8ec: NT Headers: 0xe0
3572894.8ec: Timestamp: 0x6dead514
3582894.8ec: Machine: 0x8664 - amd64
3592894.8ec: Timestamp: 0x6dead514
3602894.8ec: Image Version: 10.0
3612894.8ec: SizeOfImage: 0x1e0000 (1966080)
3622894.8ec: Resource Dir: 0x174000 LB 0x6a1d8
3632894.8ec: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3642894.8ec: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3652894.8ec: ProductName: Microsoft® Windows® Operating System
3662894.8ec: ProductVersion: 10.0.16299.192
3672894.8ec: FileVersion: 10.0.16299.192 (WinBuild.160101.0800)
3682894.8ec: FileDescription: NT Layer DLL
3692894.8ec: \SystemRoot\System32\kernel32.dll:
3702894.8ec: CreationTime: 2017-09-29T13:42:04.954227600Z
3712894.8ec: LastWriteTime: 2017-09-29T13:42:04.954227600Z
3722894.8ec: ChangeTime: 2017-12-10T16:06:18.634840500Z
3732894.8ec: FileAttributes: 0x20
3742894.8ec: Size: 0xab868
3752894.8ec: NT Headers: 0xe8
3762894.8ec: Timestamp: 0xc2cf900
3772894.8ec: Machine: 0x8664 - amd64
3782894.8ec: Timestamp: 0xc2cf900
3792894.8ec: Image Version: 10.0
3802894.8ec: SizeOfImage: 0xae000 (712704)
3812894.8ec: Resource Dir: 0xac000 LB 0x520
3822894.8ec: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3832894.8ec: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3842894.8ec: ProductName: Microsoft® Windows® Operating System
3852894.8ec: ProductVersion: 10.0.16299.15
3862894.8ec: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
3872894.8ec: FileDescription: Windows NT BASE API Client DLL
3882894.8ec: \SystemRoot\System32\KernelBase.dll:
3892894.8ec: CreationTime: 2017-09-29T13:41:43.124345500Z
3902894.8ec: LastWriteTime: 2017-09-29T13:41:43.124345500Z
3912894.8ec: ChangeTime: 2017-12-10T16:06:18.650465000Z
3922894.8ec: FileAttributes: 0x20
3932894.8ec: Size: 0x266000
3942894.8ec: NT Headers: 0xf0
3952894.8ec: Timestamp: 0x4736733c
3962894.8ec: Machine: 0x8664 - amd64
3972894.8ec: Timestamp: 0x4736733c
3982894.8ec: Image Version: 10.0
3992894.8ec: SizeOfImage: 0x266000 (2514944)
4002894.8ec: Resource Dir: 0x245000 LB 0x548
4012894.8ec: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4022894.8ec: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4032894.8ec: ProductName: Microsoft® Windows® Operating System
4042894.8ec: ProductVersion: 10.0.16299.15
4052894.8ec: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
4062894.8ec: FileDescription: Windows NT BASE API Client DLL
4072894.8ec: \SystemRoot\System32\apisetschema.dll:
4082894.8ec: CreationTime: 2017-09-29T13:42:07.095026600Z
4092894.8ec: LastWriteTime: 2017-09-29T13:42:07.095026600Z
4102894.8ec: ChangeTime: 2018-01-09T08:12:25.641482000Z
4112894.8ec: FileAttributes: 0x20
4122894.8ec: Size: 0x1b398
4132894.8ec: NT Headers: 0xc8
4142894.8ec: Timestamp: 0xf30abf31
4152894.8ec: Machine: 0x8664 - amd64
4162894.8ec: Timestamp: 0xf30abf31
4172894.8ec: Image Version: 10.0
4182894.8ec: SizeOfImage: 0x1c000 (114688)
4192894.8ec: Resource Dir: 0x1b000 LB 0x408
4202894.8ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4212894.8ec: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4222894.8ec: ProductName: Microsoft® Windows® Operating System
4232894.8ec: ProductVersion: 10.0.16299.15
4242894.8ec: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
4252894.8ec: FileDescription: ApiSet Schema DLL
4262894.8ec: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4272894.8ec: supR3HardenedWinFindAdversaries: 0x0
4282894.8ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4292894.8ec: Calling main()
4302894.8ec: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4312894.8ec: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4322894.8ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4332894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4342894.8ec: SUPR3HardenedMain: Final process, opening VBoxDrv...
4352894.8ec: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000700000 LB 0x400000)
4362894.8ec: supR3HardNtEnableThreadCreation:
4372894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4382894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4392894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4402894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4412894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81a110000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4422894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4432894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4442894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4452894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a110000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4462894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4472894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4482894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a110000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4492894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a110000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4502894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4512894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4522894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4532894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
4542894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
4552894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
4562894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4572894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4582894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4592894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4602894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4612894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4622894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
4632894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
4642894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
4652894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4662894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4672894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
4682894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
4692894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4702894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4712894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
4722894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
4732894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4742894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4752894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4762894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4772894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81d760000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
4782894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4792894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81c460000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
4802894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4812894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81c620000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
4822894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
4832894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
4842894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81ced0000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
4852894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4862894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81f170000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
4872894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4882894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81f090000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
4892894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
4902894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
4912894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
4922894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81f4e0000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
4932894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4942894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
4952894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
4962894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
4972894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
4982894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81ce70000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
4992894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5002894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5012894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5022894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d0a0000 'api-ms-win-core-synch-l1-2-0'
5032894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5042894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5052894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d0a0000 'api-ms-win-core-fibers-l1-1-1'
5062894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5072894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5082894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d0a0000 'api-ms-win-core-fibers-l1-1-1'
5092894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5102894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5112894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d0a0000 'api-ms-win-core-synch-l1-2-0'
5122894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
5132894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5142894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d0a0000 'api-ms-win-core-localization-l1-2-1'
5152894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ce70000 'C:\WINDOWS\system32\Wintrust.dll'
5162894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
5172894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
5182894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5192894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5202894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5212894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
5222894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
5232894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
5242894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5252894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5262894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5272894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5282894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5292894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5302894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5312894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5322894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81bf80000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
5332894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5342894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81bf80000 'C:\WINDOWS\system32\bcrypt.dll'
5352894.8ec: bcrypt.dll loaded at 00007ff81bf80000, BCryptOpenAlgorithmProvider at 00007ff81bf82590, preloading providers:
5362894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
5372894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
5382894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5392894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81c4d0000 LB 0x00072000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
5402894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5412894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81c4d0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
5422894.8ec: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000002cf62c0)
5432894.8ec: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000002cfeeb0)
5442894.8ec: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000002cff180)
5452894.8ec: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000002cff2c0)
5462894.8ec: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000002d01b00)
5472894.8ec: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000002d01dd0)
5482894.8ec: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000002d020a0)
5492894.8ec: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000002d02370)
5502894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
5512894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
5522894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81be70000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5532894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5542894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
5552894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
5562894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
5572894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5582894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5592894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5602894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5612894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5622894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81b8c0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
5632894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5642894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
5652894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5662894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
5672894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
5682894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81be90000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5692894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5702894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5712894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5722894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5732894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5742894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5752894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f590000 'C:\WINDOWS\System32\kernel32.dll'
5762894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5772894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5782894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ce70000 'C:\WINDOWS\System32\WINTRUST.DLL'
5792894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5802894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5812894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\CRYPT32.dll'
5822894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5832894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5842894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ce70000 'C:\Windows\System32\WINTRUST.DLL'
5852894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81f6a0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
5862894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
5872894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
5882894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5892894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5902894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
5912894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5922894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
5932894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
5942894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
5952894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81b210000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
5962894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
5972894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81c420000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
5982894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
5992894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
6002894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6012894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
6022894.8ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
6032894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
6042894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6052894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6062894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6072894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6082894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6092894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6102894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6112894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6122894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6132894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6142894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6152894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6162894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6172894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6182894.8ec: supR3HardenedDllNotificationCallback: load 00007ff8050f0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
6192894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6202894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6212894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6222894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\WINDOWS\System32\cryptnet.dll'
6232894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6242894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6252894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\WINDOWS\System32\cryptnet.dll'
6262894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6272894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6282894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\WINDOWS\System32\cryptnet.dll'
6292894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6302894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6312894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\WINDOWS\System32\cryptnet.dll'
6322894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6332894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6342894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\WINDOWS\System32\cryptnet.dll'
6352894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6362894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6372894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\WINDOWS\System32\cryptnet.dll'
6382894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6392894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\WINDOWS\System32\cryptnet.dll'
6402894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6412894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\WINDOWS\System32\cryptnet.dll'
6422894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6432894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\WINDOWS\System32\cryptnet.dll'
6442894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6452894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\WINDOWS\System32\cryptnet.dll'
6462894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6472894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\WINDOWS\System32\cryptnet.dll'
6482894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\WINDOWS\System32\cryptnet.dll'
6492894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6502894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8050f0000 'C:\Windows\System32\cryptnet.dll'
6512894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6522894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6532894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
6542894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6552894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6562894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
6572894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6582894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002d72c10
6592894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
6602894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87BCB33873770F2BD3458AA5B3F0FC1EF692E639
6612894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6622894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6632894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f170000 'C:\WINDOWS\System32\rpcrt4.dll'
6642894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6652894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6662894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
6672894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6682894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6692894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
6702894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_924_for_KB4056892~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\SystemRoot\System32\ntdll.dll'
6712894.8ec: g_pfnWinVerifyTrust=00007ff81ce76bc0
6722894.8ec: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6732894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6742894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6752894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
6762894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6772894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6782894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
6792894.8ec: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
6802894.8ec: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
6812894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6822894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6832894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
6842894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
6852894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6862894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
6872894.8ec: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
6882894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
6892894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
6902894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
6912894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A0BC1B38B9F5EE15493A1BB6ABB29D2FFBB4119
6922894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6932894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6942894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
6952894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
6962894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
6972894.8ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6982894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
6992894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7002894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7012894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7022894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
7032894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7042894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7052894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7062894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
7072894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7082894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7092894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7102894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
7112894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7122894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7132894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7142894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
7152894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7162894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7172894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7182894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
7192894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7202894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7212894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
7222894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7232894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7242894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7252894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7262894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
7272894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
7282894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7292894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7302894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7312894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
7322894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7332894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7342894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
7352894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7362894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7372894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
7382894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7392894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7402894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
7412894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7422894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7432894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
7442894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7452894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7462894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
7472894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7482894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7492894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
7502894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7512894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
7522894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7532894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
7542894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7552894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7562894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
7572894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
7582894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
7592894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
7602894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\system32\crypt32.dll'
7612894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
7622894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x2072812a68d0c700 OU=generated by AVG Antivirus for SSL/TLS scanning, O=AVG Web/Mail Shield, CN=AVG Web/Mail Shield Root
7632894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
7642894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
7652894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
7662894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
7672894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
7682894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x8543945f4f5c849b CN=USB\VID_2982&PID_1967&MI_00 (libwdi autogenerated)
7692894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
7702894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
7712894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
7722894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
7732894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
7742894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
7752894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
7762894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
7772894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
7782894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
7792894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
7802894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
7812894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
7822894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
7832894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
7842894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
7852894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
7862894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
7872894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
7882894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
7892894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
7902894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
7912894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
7922894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
7932894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
7942894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x2fba703484f19900 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
7952894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
7962894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
7972894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
7982894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
7992894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
8002894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xe6519d844e429500 C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2
8012894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
8022894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8032894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
8042894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
8052894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
8062894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8072894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
8082894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xbbd90ca8b0b9d000 C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 1
8092894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
8102894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
8112894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2262f09375bd00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
8122894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
8132894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
8142894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8152894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
8162894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
8172894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
8182894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
8192894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8202894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
8212894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
8222894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
8232894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8242894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xe69c54164257cc00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
8252894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
8262894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
8272894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
8282894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8292894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
8302894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
8312894.8ec: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8322894.8ec: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=71
8332894.8ec: SUPR3HardenedMain: Load Runtime...
8342894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
8352894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8362894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8372894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
8382894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
8392894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8402894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8412894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8422894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8432894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8442894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8452894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8462894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
8472894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
8482894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8492894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
8502894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8512894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8522894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8532894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8542894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8552894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8562894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
8572894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8582894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
8592894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8602894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8612894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8622894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8632894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8642894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8652894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
8662894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
8672894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
8682894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
8692894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8702894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8712894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8722894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8732894.8ec: supR3HardenedDllNotificationCallback: load 0000000050500000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
8742894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8752894.8ec: supR3HardenedDllNotificationCallback: load 00000000505e0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
8762894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8772894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81d6f0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
8782894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8792894.8ec: supR3HardenedDllNotificationCallback: load 00007fffe5650000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
8802894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8812894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8822894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
8832894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8842894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8852894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8862894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8872894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8882894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8892894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8902894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8912894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8922894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8932894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8942894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8952894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8962894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8972894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8982894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8992894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9002894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9012894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9022894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9032894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9042894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9052894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9062894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9072894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9082894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9092894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9102894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9112894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9122894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9132894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9142894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9152894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9162894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9172894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9182894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9192894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9202894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9212894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9222894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9232894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9242894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9252894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9262894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9272894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9282894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9292894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9302894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9312894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe5650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9322894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
9332894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9342894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ce70000 'C:\WINDOWS\system32\Wintrust.dll'
9352894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
9362894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
9372894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9382894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9392894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
9402894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
9412894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\system32\crypt32.dll'
9422894.8ec: SUPR3HardenedMain: Load TrustedMain...
9432894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
9442894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9452894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9462894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
9472894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
9482894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
9492894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
9502894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
9512894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
9522894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
9532894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9542894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
9552894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
9562894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
9572894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
9582894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
9592894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
9602894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
9612894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9622894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9632894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
9642894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
9652894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
9662894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9672894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
9682894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
9692894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
9702894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
9712894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9722894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9732894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
9742894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
9752894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
9762894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
9772894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9782894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
9792894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
9802894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9812894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9822894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
9832894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
9842894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
9852894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9862894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
9872894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9882894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
9892894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
9902894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
9912894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
9922894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9932894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9942894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9952894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9962894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
9972894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
9982894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
9992894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
10002894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
10012894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
10022894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
10032894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
10042894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
10052894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
10062894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
10072894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
10082894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
10092894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
10102894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
10112894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
10122894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10132894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10142894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
10152894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
10162894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
10172894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'.
10182894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'.
10192894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'.
10202894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
10212894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
10222894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10232894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10242894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10252894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10262894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
10272894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10282894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10292894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
10302894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10312894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
10322894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
10332894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
10342894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10352894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10362894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
10372894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
10382894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
10392894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10402894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10412894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10422894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10432894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10442894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10452894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10462894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
10472894.8ec: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
10482894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
10492894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
10502894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
10512894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
10522894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10532894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
10542894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
10552894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
10562894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
10572894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10582894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10592894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
10602894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10612894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10622894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
10632894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10642894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10652894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10662894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10672894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10682894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10692894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10702894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10712894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
10722894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
10732894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
10742894.8ec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
10752894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
10762894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
10772894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
10782894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
10792894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
10802894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
10812894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
10822894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
10832894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
10842894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
10852894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
10862894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10872894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10882894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
10892894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
10902894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
10912894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
10922894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10932894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
10942894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
10952894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
10962894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
10972894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
10982894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
10992894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
11002894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
11012894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
11022894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11032894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11042894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
11052894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
11062894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
11072894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
11082894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
11092894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
11102894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11112894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11122894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
11132894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
11142894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
11152894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
11162894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
11172894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
11182894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11192894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
11202894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
11212894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
11222894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11232894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11242894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
11252894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
11262894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11272894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11282894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11292894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11302894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11312894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
11322894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11332894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11342894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
11352894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11362894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11372894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11382894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11392894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11402894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
11412894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11422894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11432894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11442894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11452894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11462894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11472894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11482894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11492894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11502894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11512894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11522894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
11532894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11542894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11552894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11562894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11572894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11582894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11592894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11602894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11612894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11622894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
11632894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
11642894.8ec: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
11652894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11662894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
11672894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
11682894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
11692894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
11702894.8ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
11712894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
11722894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11732894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11742894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
11752894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11762894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11772894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11782894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11792894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11802894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
11812894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
11822894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
11832894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
11842894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
11852894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
11862894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11872894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11882894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
11892894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11902894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11912894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
11922894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11932894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11942894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
11952894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11962894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11972894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
11982894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11992894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12002894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
12012894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
12022894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
12032894.8ec: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
12042894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12052894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
12062894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
12072894.8ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
12082894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
12092894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12102894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12112894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12122894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12132894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12142894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
12152894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12162894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12172894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12182894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12192894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12202894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
12212894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12222894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12232894.8ec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
12242894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12252894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12262894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
12272894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12282894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12292894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
12302894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12312894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12322894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
12332894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
12342894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
12352894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
12362894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
12372894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
12382894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
12392894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
12402894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12412894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12422894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
12432894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12442894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12452894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12462894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
12472894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
12482894.8ec: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
12492894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12502894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
12512894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'shlwapi.dll'.
12522894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
12532894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'comctl32.dll'.
12542894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'shell32.dll'.
12552894.8ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
12562894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
12572894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
12582894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
12592894.8ec: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
12602894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12612894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'.
12622894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'.
12632894.8ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
12642894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
12652894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12662894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12672894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12682894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12692894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12702894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
12712894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12722894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12732894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
12742894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12752894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12762894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
12772894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12782894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12792894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12802894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12812894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12822894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
12832894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
12842894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
12852894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'.
12862894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)
12872894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
12882894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12892894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12902894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12912894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12922894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
12932894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
12942894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
12952894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
12962894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
12972894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
12982894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
12992894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
13002894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
13012894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13022894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13032894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13042894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13052894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13062894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
13072894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13082894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
13092894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
13102894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
13112894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
13122894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13132894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13142894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13152894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13162894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13172894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13182894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13192894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13202894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13212894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13222894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13232894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13242894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13252894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13262894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13272894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13282894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13292894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13302894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13312894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
13322894.8ec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
13332894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13342894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13352894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
13362894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
13372894.8ec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
13382894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13392894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13402894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
13412894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
13422894.8ec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
13432894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13442894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13452894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
13462894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
13472894.8ec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
13482894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13492894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13502894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13512894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13522894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
13532894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13542894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13552894.8ec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
13562894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
13572894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
13582894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
13592894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F39C902102F30859FF82648A950427FCB81FB124
13602894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
13612894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
13622894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
13632894.8ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13642894.8ec: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
13652894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
13662894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
13672894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
13682894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13692894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13702894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
13712894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
13722894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13732894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
13742894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
13752894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
13762894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
13772894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
13782894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13792894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13802894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.192_none_887f70824ab5b0de\comctl32.dll)
13812894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.192_none_887f70824ab5b0de\comctl32.dll
13822894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
13832894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
13842894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81c550000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
13852894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
13862894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81d4b0000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
13872894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
13882894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81d310000 LB 0x00193000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
13892894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13902894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
13912894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
13922894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
13932894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
13942894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
13952894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81ed20000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
13962894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
13972894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81ef00000 LB 0x0018f000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
13982894.8ec: supR3HardenedDllNotificationCallback: load 00007ff808240000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
13992894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14002894.8ec: supR3HardenedDllNotificationCallback: load 00007ffff45e0000 LB 0x0011e000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
14012894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14022894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81d550000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
14032894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
14042894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
14052894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81fd90000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
14062894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14072894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81f430000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
14082894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14092894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
14102894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
14112894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
14122894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
14132894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81f640000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
14142894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
14152894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81c440000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
14162894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
14172894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
14182894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
14192894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
14202894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81c480000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
14212894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
14222894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
14232894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
14242894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81c720000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
14252894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14262894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
14272894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
14282894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
14292894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
14302894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
14312894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81d8e0000 LB 0x01436000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
14322894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14332894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81d5a0000 LB 0x00149000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
14342894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14352894.8ec: supR3HardenedDllNotificationCallback: load 00007ff806b10000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
14362894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
14372894.8ec: supR3HardenedDllNotificationCallback: load 00000000779c0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
14382894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14392894.8ec: supR3HardenedDllNotificationCallback: load 00007fffd4670000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
14402894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14412894.8ec: supR3HardenedDllNotificationCallback: load 0000000077450000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
14422894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14432894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81ba40000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
14442894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
14452894.8ec: supR3HardenedDllNotificationCallback: load 00007ff8142e0000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
14462894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14472894.8ec: supR3HardenedDllNotificationCallback: load 00007ff814370000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.192_none_887f70824ab5b0de\COMCTL32.dll [fFlags=0x0]
14482894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.192_none_887f70824ab5b0de\comctl32.dll [avoiding WinVerifyTrust]
14492894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81fc80000 LB 0x0010a000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
14502894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
14512894.8ec: supR3HardenedDllNotificationCallback: load 00007ff809f60000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
14522894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
14532894.8ec: supR3HardenedDllNotificationCallback: load 0000000050700000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
14542894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14552894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81d800000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
14562894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14572894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81a6d0000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
14582894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14592894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81a730000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
14602894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
14612894.8ec: supR3HardenedDllNotificationCallback: load 00007fffd4c70000 LB 0x00a33000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
14622894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
14632894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
14642894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
14652894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
14662894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
14672894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
14682894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
14692894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
14702894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
14712894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
14722894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
14732894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
14742894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
14752894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.192_none_887f70824ab5b0de\comctl32.dll'.
14762894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.192_none_887f70824ab5b0de\comctl32.dll' [rescheduled]
14772894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
14782894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
14792894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
14802894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
14812894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'.
14822894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL' [rescheduled]
14832894.8ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
14842894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
14852894.8ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
14862894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
14872894.8ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
14882894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
14892894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
14902894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
14912894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
14922894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
14932894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
14942894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
14952894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
14962894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
14972894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
14982894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
14992894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
15002894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
15012894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
15022894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
15032894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
15042894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
15052894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15062894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15072894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15082894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15092894.8ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15102894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15112894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15122894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15132894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15142894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15152894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15162894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15172894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15182894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15192894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15202894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15212894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15222894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15232894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15242894.8ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15252894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15262894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15272894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15282894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15292894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15302894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15312894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
15322894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
15332894.8ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
15342894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15352894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15362894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15372894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15382894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
15392894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
15402894.8ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
15412894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
15422894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
15432894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
15442894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
15452894.8ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
15462894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15472894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15482894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15492894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15502894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
15512894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
15522894.8ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
15532894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15542894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15552894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15562894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15572894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f590000 'C:\WINDOWS\System32\kernel32.dll'
15582894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
15592894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15602894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d0a0000 'api-ms-win-core-string-l1-1-0'
15612894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
15622894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15632894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d0a0000 'api-ms-win-core-datetime-l1-1-1'
15642894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
15652894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15662894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d0a0000 'api-ms-win-core-localization-obsolete-l1-2-0'
15672894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15682894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
15692894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
15702894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
15712894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
15722894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15732894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15742894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
15752894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
15762894.8ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
15772894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15782894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15792894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15802894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81f400000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
15812894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
15822894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f400000 'C:\WINDOWS\system32\IMM32.DLL'
15832894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15842894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
15852894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
15862894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15872894.8ec: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
15882894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15892894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f400000 'C:\WINDOWS\System32\imm32.dll'
15902894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15912894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15922894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4e0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
15932894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4c70000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
15942894.8ec: SUPR3HardenedMain: Calling TrustedMain (00007fffd4c714f0)...
15952894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
15962894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15972894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
15982894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
15992894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
16002894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
16012894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
16022894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
16032894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
16042894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
16052894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
16062894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
16072894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
16082894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16092894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16102894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16112894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16122894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16132894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16142894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16152894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16162894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16172894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16182894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16192894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16202894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16212894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16222894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16232894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16242894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16252894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16262894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16272894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16282894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16292894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
16302894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
16312894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
16322894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
16332894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
16342894.8ec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
16352894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16362894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16372894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
16382894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16392894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16402894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16412894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16422894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16432894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16442894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
16452894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
16462894.8ec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
16472894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16482894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16492894.8ec: supR3HardenedDllNotificationCallback: load 00007ffff2b90000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
16502894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16512894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff2b90000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
16522894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000670 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16532894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
16542894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
16552894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB199956403E78CE61C981F6BA97CA632BE55AC
16562894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
16572894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
16582894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
16592894.8ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16602894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16612894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
16622894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
16632894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
16642894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16652894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16662894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16672894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16682894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16692894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16702894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16712894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
16722894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16732894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16742894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81a9e0000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
16752894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16762894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a9e0000 'C:\WINDOWS\system32\uxtheme.dll'
16772894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ef00000 'C:\WINDOWS\system32\user32.dll'
16782894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16792894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16802894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
16812894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
16822894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
16832894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
16842894.8ec: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
16852894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16862894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f430000 'C:\WINDOWS\system32\SHCore.dll'
16872894.8ec: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
16882894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
16892894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16902894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
16912894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
16922894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
16932894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
16942894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16952894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81ac10000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
16962894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
16972894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16982894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16992894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17002894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17012894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17022894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17032894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
17042894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17052894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17062894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
17072894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
17082894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17092894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17102894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17112894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\system32\winmm.dll'
17122894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17132894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17142894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\system32\winmm.dll'
17152894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17162894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17172894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
17182894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17192894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17202894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a9e0000 'C:\WINDOWS\system32\uxtheme.dll'
17212894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17222894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17232894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4e0000 'C:\WINDOWS\system32\advapi32.dll'
17242894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
17252894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
17262894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
17272894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'profapi.dll'.
17282894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
17292894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
17302894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
17312894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
17322894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
17332894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17342894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17352894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17362894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
17372894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81c320000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
17382894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
17392894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81c320000 'C:\WINDOWS\system32\userenv.dll'
17402894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
17412894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17422894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f590000 'C:\WINDOWS\System32\kernel32.dll'
17432894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81fb80000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
17442894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17452894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
17462894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
17472894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
17482894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17492894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17502894.3bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
17512894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17522894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17532894.3bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
17542894.3bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
17552894.3bd0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
17562894.3bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
17572894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17582894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
17592894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
17602894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
17612894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
17622894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
17632894.3bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
17642894.3bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17652894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17662894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17672894.3bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17682894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17692894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17702894.3bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17712894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17722894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17732894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17742894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17752894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17762894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17772894.3bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17782894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17792894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17802894.3bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
17812894.3bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17822894.3bd0: supR3HardenedDllNotificationCallback: load 00007fffda4c0000 LB 0x00544000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
17832894.3bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17842894.3bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffda4c0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
17852894.3bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
17862894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17872894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17882894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17892894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
17902894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
17912894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
17922894.3bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17932894.3bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
17942894.3bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
17952894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17962894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17972894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17982894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17992894.3bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18002894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18012894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18022894.3bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18032894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
18042894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
18052894.3bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
18062894.3bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
18072894.3bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
18082894.3bd0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
18092894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18102894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18112894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18122894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18132894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18142894.3bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18152894.3bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18162894.3bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18172894.3bd0: supR3HardenedDllNotificationCallback: load 00007ffff9a50000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
18182894.3bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18192894.3bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff9a50000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
18202894.3bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18212894.3bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18222894.3bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d800000 'C:\Windows\System32\oleaut32.dll'
18232894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
18242894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18252894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ed20000 'C:\WINDOWS\system32\gdi32.dll'
18262894.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
18272894.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
18282894.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
18292894.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18302894.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
18312894.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
18322894.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
18332894.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18342894.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18352894.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18362894.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18372894.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18382894.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
18392894.2e68: supR3HardenedDllNotificationCallback: load 00007ff81a7d0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
18402894.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
18412894.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a7d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
18422894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18432894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18442894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
18452894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81f290000 LB 0x00167000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
18462894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18472894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
18482894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
18492894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
18502894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
18512894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
18522894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
18532894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18542894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18552894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18562894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18572894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18582894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18592894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18602894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18612894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18622894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18632894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18642894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18652894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
18662894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
18672894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
18682894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a4c pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
18692894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
18702894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
18712894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87FA668FC207CB724FFDD342C6B5B8D273E3498D
18722894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
18732894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
18742894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
18752894.8ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18762894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18772894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
18782894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'.
18792894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'd3d11.dll'.
18802894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'dcomp.dll'.
18812894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
18822894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
18832894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
18842894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
18852894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
18862894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
18872894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
18882894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
18892894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
18902894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
18912894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
18922894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
18932894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18942894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18952894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18962894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18972894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
18982894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
18992894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
19002894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19012894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
19022894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
19032894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
19042894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19052894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19062894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19072894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
19082894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
19092894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19102894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19112894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19122894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
19132894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19142894.8ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
19152894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19162894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
19172894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
19182894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
19192894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19202894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19212894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19222894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19232894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19242894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19252894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19262894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19272894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
19282894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
19292894.8ec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
19302894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
19312894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
19322894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
19332894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19342894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19352894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19362894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19372894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19382894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
19392894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19402894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81b290000 LB 0x000af000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
19412894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19422894.8ec: supR3HardenedDllNotificationCallback: load 00007ff819280000 LB 0x002e1000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
19432894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19442894.8ec: supR3HardenedDllNotificationCallback: load 00007ff819e90000 LB 0x00142000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
19452894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
19462894.8ec: supR3HardenedDllNotificationCallback: load 00007ffffff90000 LB 0x0004f000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
19472894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19482894.8ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
19492894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rescheduled]
19502894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ed20000 'C:\WINDOWS\System32\gdi32.dll'
19512894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffff90000 'C:\WINDOWS\system32\dataexchange.dll'
19522894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19532894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
19542894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
19552894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcrypt.dll'.
19562894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
19572894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
19582894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
19592894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19602894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
19612894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rmclient.dll)
19622894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rmclient.dll
19632894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81ad00000 LB 0x00020000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
19642894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
19652894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81ad90000 LB 0x0017b000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
19662894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
19672894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19682894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'coreuicomponents.dll'.
19692894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'coremessaging.dll'.
19702894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
19712894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
19722894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19732894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
19742894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
19752894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
19762894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
19772894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19782894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
19792894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
19802894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
19812894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
19822894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
19832894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
19842894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
19852894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcryptprimitives.dll'.
19862894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
19872894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
19882894.8ec: supR3HardenedDllNotificationCallback: load 00007ff81b560000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
19892894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
19902894.8ec: supR3HardenedDllNotificationCallback: load 00007ff819590000 LB 0x000dc000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
19912894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
19922894.8ec: supR3HardenedDllNotificationCallback: load 00007ff818300000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
19932894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
19942894.8ec: supR3HardenedDllNotificationCallback: load 00007ff816780000 LB 0x002ee000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
19952894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
19962894.8ec: supR3HardenedDllNotificationCallback: load 00007ff8064c0000 LB 0x00098000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
19972894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
19982894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
19992894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
20002894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
20012894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20022894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20032894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20042894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20052894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
20062894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20072894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20082894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20092894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20102894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
20112894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
20122894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
20132894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
20142894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
20152894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
20162894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20172894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20182894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
20192894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
20202894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
20212894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
20222894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
20232894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
20242894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20252894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20262894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20272894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20282894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20292894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20302894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20312894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20322894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
20332894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
20342894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
20352894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
20362894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20372894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20382894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
20392894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume2\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
20402894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
20412894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20422894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20432894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
20442894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
20452894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
20462894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
20472894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
20482894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
20492894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
20502894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
20512894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
20522894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
20532894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
20542894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
20552894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
20562894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
20572894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
20582894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
20592894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
20602894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rmclient.dll'
20612894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
20622894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
20632894.8ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
20642894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20652894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20662894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d800000 'C:\WINDOWS\System32\OLEAUT32.DLL'
20672894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
20682894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20692894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ef00000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
20702894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
20712894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20722894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ef00000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
20732894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
20742894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20752894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81fd90000 'api-ms-win-core-com-l1-1-0.dll'
20762894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
20772894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20782894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f290000 'C:\WINDOWS\System32\MSCTF.dll'
20792894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20802894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20812894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d5a0000 'C:\WINDOWS\System32\ole32.dll'
20822894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20832894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20842894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d800000 'C:\WINDOWS\System32\OLEAUT32.dll'
20852894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b54 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20862894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
20872894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
20882894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE2733DC030E44DCE443886E467FF179D2D68A91
20892894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
20902894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
20912894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
20922894.8ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20932894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20942894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
20952894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20962894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
20972894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20982894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20992894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21002894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b60 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21012894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
21022894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
21032894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA3F9D85214DB0270185C719B931C69440BA9C18
21042894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
21052894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
21062894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
21072894.8ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21082894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21092894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
21102894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
21112894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
21122894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21132894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21142894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21152894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21162894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21172894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21182894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21192894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21202894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21212894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
21222894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
21232894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
21242894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21252894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21262894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21272894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21282894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21292894.8ec: supR3HardenedDllNotificationCallback: load 00007ff810e30000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
21302894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21312894.8ec: supR3HardenedDllNotificationCallback: load 00007ff810a00000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
21322894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21332894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
21342894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21352894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d0a0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
21362894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff810a00000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
21372894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21382894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
21392894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
21402894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C70145BD7347C12AB1BF3946D40606389C4D331
21412894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
21422894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
21432894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
21442894.8ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21452894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21462894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
21472894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
21482894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21492894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21502894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21512894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21522894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21532894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21542894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21552894.8ec: supR3HardenedDllNotificationCallback: load 00007ff8122a0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
21562894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21572894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8122a0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
21582894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
21592894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21602894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d0a0000 'api-ms-win-core-localization-l1-2-0.dll'
21612894.8ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
21622894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21632894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d0a0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
21642894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c0c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21652894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
21662894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
21672894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=336CDD3C969CEFC6CE8D502298ED123FE8D2F483
21682894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
21692894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
21702894.8ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
21712894.8ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21722894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21732894.8ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
21742894.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
21752894.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21762894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21772894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21782894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21792894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21802894.8ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21812894.8ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
21822894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21832894.8ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21842894.8ec: supR3HardenedDllNotificationCallback: load 00007ff812920000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
21852894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21862894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff812920000 'C:\WINDOWS\system32\wbem\fastprox.dll'
21872894.2824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
21882894.2824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21892894.2824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
21902894.2824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21912894.2824: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
21922894.2824: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21932894.2824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21942894.2824: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21952894.2824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
21962894.2824: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
21972894.2824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
21982894.2824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
21992894.2824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22002894.2824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
22012894.2824: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
22022894.2824: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22032894.2824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22042894.2824: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22052894.2824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22062894.2824: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22072894.2824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22082894.2824: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22092894.2824: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22102894.2824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22112894.2824: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22122894.2824: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22132894.2824: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22142894.2824: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22152894.2824: supR3HardenedDllNotificationCallback: load 00000000503f0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
22162894.2824: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22172894.2824: supR3HardenedDllNotificationCallback: load 00007fffe7e70000 LB 0x002c7000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
22182894.2824: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22192894.2824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe7e70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
22202894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
22212894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bf8 pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
22222894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
22232894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
22242894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F30E80B88384D221750DC79ADCE84BDFB8A5A73A
22252894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
22262894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
22272894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
22282894.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22292894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
22302894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
22312894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'oleaut32.dll'.
22322894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'ws2_32.dll'.
22332894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'netsetupapi.dll'.
22342894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'setupapi.dll'.
22352894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
22362894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
22372894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
22382894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
22392894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
22402894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
22412894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22422894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
22432894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
22442894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
22452894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
22462894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
22472894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
22482894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
22492894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
22502894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
22512894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22522894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22532894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22542894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22552894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
22562894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
22572894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22582894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
22592894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
22602894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
22612894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22622894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22632894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22642894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22652894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22662894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22672894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22682894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
22692894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
22702894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
22712894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22722894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22732894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22742894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22752894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
22762894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
22772894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22782894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
22792894.9f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
22802894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22812894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
22822894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
22832894.9f0: supR3HardenedDllNotificationCallback: load 00007ff80ce30000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
22842894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
22852894.9f0: supR3HardenedDllNotificationCallback: load 00007ff81f720000 LB 0x0044e000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
22862894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
22872894.9f0: supR3HardenedDllNotificationCallback: load 00007ff80c4b0000 LB 0x0007d000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
22882894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
22892894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80c4b0000 'C:\Windows\System32\NetSetupShim.dll'
22902894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
22912894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
22922894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22932894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
22942894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
22952894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winnsi.dll'.
22962894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
22972894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
22982894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
22992894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
23002894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
23012894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
23022894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
23032894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
23042894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
23052894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
23062894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23072894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
23082894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23092894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
23102894.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
23112894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
23122894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
23132894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23142894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23152894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
23162894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
23172894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
23182894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23192894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23202894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23212894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23222894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23232894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
23242894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
23252894.9f0: supR3HardenedDllNotificationCallback: load 00007ff81fb70000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
23262894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
23272894.9f0: supR3HardenedDllNotificationCallback: load 00007ff818880000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
23282894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
23292894.9f0: supR3HardenedDllNotificationCallback: load 00007ffff2ac0000 LB 0x000c1000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
23302894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
23312894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff2ac0000 'C:\Windows\System32\NetSetupEngine.dll'
23322894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
23332894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
23342894.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
23352894.13b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
23362894.13b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23372894.13b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23382894.13b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23392894.13b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23402894.13b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
23412894.13b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23422894.13b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23432894.13b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23442894.13b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23452894.13b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23462894.13b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23472894.13b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23482894.13b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23492894.13b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23502894.13b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23512894.13b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23522894.13b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23532894.13b0: supR3HardenedDllNotificationCallback: load 00007ff81a090000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
23542894.13b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23552894.13b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a090000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
23562894.13b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ef00000 'C:\WINDOWS\system32\User32.dll'
23572894.37e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
23582894.37e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23592894.37e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23602894.37e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23612894.37e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
23622894.37e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23632894.37e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23642894.37e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23652894.37e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23662894.37e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23672894.37e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
23682894.37e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23692894.37e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23702894.37e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23712894.37e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23722894.37e0: supR3HardenedDllNotificationCallback: load 00007ff81a060000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
23732894.37e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23742894.37e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a060000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
23752894.303c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
23762894.303c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23772894.303c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23782894.303c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23792894.303c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
23802894.303c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
23812894.303c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23822894.303c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23832894.303c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23842894.303c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23852894.303c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23862894.303c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23872894.303c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
23882894.303c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23892894.303c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
23902894.303c: supR3HardenedDllNotificationCallback: load 00007ff81a030000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
23912894.303c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
23922894.303c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a030000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
23932894.334c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
23942894.334c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23952894.334c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23962894.334c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23972894.334c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
23982894.334c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
23992894.334c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24002894.334c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24012894.334c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24022894.334c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24032894.334c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24042894.334c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24052894.334c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24062894.334c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
24072894.334c: supR3HardenedDllNotificationCallback: load 00007ff81a020000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
24082894.334c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
24092894.334c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a020000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
24102894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\Shell32.dll'
24112894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24122894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24132894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe7e70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
24142894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
24152894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24162894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24172894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24182894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
24192894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
24202894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
24212894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24222894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24232894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24242894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24252894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24262894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24272894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24282894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24292894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24302894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24312894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24322894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24332894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24342894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24352894.9f0: supR3HardenedDllNotificationCallback: load 00007ff815320000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
24362894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24372894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff815320000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
24382894.9f0: supR3HardenedDllNotificationCallback: Unload 00007ff815320000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
24392894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
24402894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
24412894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24422894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24432894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24442894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
24452894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
24462894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
24472894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
24482894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
24492894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
24502894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
24512894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
24522894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
24532894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
24542894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
24552894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL [redoing WinVerifyTrust]
24562894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
24572894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
24582894.9f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
24592894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24602894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24612894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24622894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24632894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24642894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24652894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24662894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24672894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24682894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24692894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
24702894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
24712894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
24722894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24732894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24742894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
24752894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24762894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
24772894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
24782894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24792894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24802894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24812894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24822894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
24832894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24842894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24852894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24862894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
24872894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
24882894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
24892894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24902894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24912894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24922894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24932894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24942894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24952894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24962894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24972894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24982894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24992894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25002894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25012894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25022894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25032894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25042894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25052894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25062894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25072894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25082894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25092894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
25102894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
25112894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25122894.9f0: supR3HardenedDllNotificationCallback: load 00007ff8081d0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
25132894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
25142894.9f0: supR3HardenedDllNotificationCallback: load 00007ff815310000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
25152894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25162894.9f0: supR3HardenedDllNotificationCallback: load 00007fffcc280000 LB 0x009c2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
25172894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
25182894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc280000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
25192894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25202894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25212894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25222894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25232894.9f0: supR3HardenedDllNotificationCallback: load 00007ff80d6a0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
25242894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25252894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80d6a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
25262894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25272894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
25282894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25292894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffda4c0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
25302894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25312894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25322894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25332894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff815310000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
25342894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25352894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25362894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25372894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25382894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
25392894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
25402894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25412894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25422894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25432894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25442894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25452894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
25462894.9f0: supR3HardenedDllNotificationCallback: load 00007ff818750000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
25472894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
25482894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818750000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
25492894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25502894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25512894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25522894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25532894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
25542894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
25552894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25562894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25572894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25582894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25592894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25602894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
25612894.9f0: supR3HardenedDllNotificationCallback: load 00007ff817cc0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
25622894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
25632894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817cc0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
25642894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25652894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25662894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25672894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25682894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
25692894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
25702894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25712894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25722894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25732894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25742894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25752894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
25762894.9f0: supR3HardenedDllNotificationCallback: load 00007ff8152f0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
25772894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
25782894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8152f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
25792894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25802894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25812894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25822894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25832894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
25842894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
25852894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25862894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25872894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25882894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25892894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25902894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
25912894.9f0: supR3HardenedDllNotificationCallback: load 00007ff80d680000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
25922894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
25932894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80d680000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
25942894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25952894.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
25962894.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25972894.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25982894.13ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25992894.13ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
26002894.13ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
26012894.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26022894.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26032894.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26042894.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26052894.13ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26062894.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26072894.13ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26082894.13ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26092894.13ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
26102894.13ac: supR3HardenedDllNotificationCallback: load 00007ff817940000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
26112894.13ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
26122894.13ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817940000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
26132894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
26142894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
26152894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26162894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26172894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26182894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
26192894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
26202894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
26212894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
26222894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26232894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26242894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
26252894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26262894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26272894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26282894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26292894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26302894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26312894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26322894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26332894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26342894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
26352894.9f0: supR3HardenedDllNotificationCallback: load 00007ffff6a50000 LB 0x000cc000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
26362894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
26372894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6a50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
26382894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
26392894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
26402894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26412894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
26422894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'devobj.dll'.
26432894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'propsys.dll'.
26442894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
26452894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26462894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
26472894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
26482894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
26492894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
26502894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26512894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
26522894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
26532894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
26542894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
26552894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
26562894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
26572894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26582894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26592894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26602894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26612894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26622894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26632894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
26642894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
26652894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'cfgmgr32.dll'.
26662894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
26672894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
26682894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26692894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26702894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26712894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26722894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
26732894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
26742894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
26752894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
26762894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
26772894.9f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
26782894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26792894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26802894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
26812894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
26822894.9f0: supR3HardenedDllNotificationCallback: load 00007ff81c230000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
26832894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
26842894.9f0: supR3HardenedDllNotificationCallback: load 00007ff819c80000 LB 0x001b1000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
26852894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
26862894.9f0: supR3HardenedDllNotificationCallback: load 00007ff8145b0000 LB 0x0006f000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
26872894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26882894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8145b0000 'C:\WINDOWS\System32\MMDevApi.dll'
26892894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001010 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
26902894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
26912894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
26922894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=149E0A5A40CD1471B9EF3D3043A8C754805FEC76
26932894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
26942894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
26952894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
26962894.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26972894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26982894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
26992894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
27002894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
27012894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
27022894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
27032894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
27042894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27052894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27062894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27072894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27082894.9f0: supR3HardenedDllNotificationCallback: load 00007ffff6550000 LB 0x0008f000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
27092894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27102894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27112894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27122894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\System32\dsound.dll'
27132894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\System32\dsound.dll'
27142894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27152894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27162894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
27172894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27182894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27192894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8145b0000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
27202894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
27212894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27222894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
27232894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001040 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27242894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
27252894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
27262894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47392EB8EC6AC07C788B971D8BB592B6FD619920
27272894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
27282894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
27292894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
27302894.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27312894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27322894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
27332894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
27342894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
27352894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
27362894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27372894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
27382894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
27392894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
27402894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
27412894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
27422894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
27432894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
27442894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
27452894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
27462894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
27472894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27482894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
27492894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
27502894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
27512894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
27522894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27532894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27542894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27552894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27562894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27572894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27582894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27592894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
27602894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
27612894.9f0: supR3HardenedDllNotificationCallback: load 00007ff818870000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
27622894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
27632894.9f0: supR3HardenedDllNotificationCallback: load 00007ff818850000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
27642894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
27652894.9f0: supR3HardenedDllNotificationCallback: load 00007ff817980000 LB 0x00042000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
27662894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27672894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
27682894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27692894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27702894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
27712894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27722894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27732894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
27742894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27752894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27762894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
27772894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27782894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27792894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
27802894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
27812894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
27822894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
27832894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
27842894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
27852894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
27862894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
27872894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
27882894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
27892894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
27902894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
27912894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
27922894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
27932894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
27942894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27952894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27962894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27972894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27982894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27992894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
28002894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
28012894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
28022894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28032894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
28042894.9f0: supR3HardenedDllNotificationCallback: load 00007ffff89a0000 LB 0x00122000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
28052894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
28062894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff89a0000 'C:\WINDOWS\System32\AUDIOSES.DLL'
28072894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28082894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28092894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28102894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28112894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28122894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28132894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28142894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28152894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28162894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28172894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28182894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28192894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28202894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28212894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28222894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28232894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28242894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28252894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28262894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28272894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28282894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28292894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28302894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28312894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28322894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28332894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28342894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28352894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28362894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817980000 'C:\WINDOWS\System32\wdmaud.drv'
28372894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b0 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
28382894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
28392894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
28402894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8069FA07F8A743E03BD7E2DA392DE4429701D8E6
28412894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
28422894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
28432894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
28442894.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28452894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28462894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
28472894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
28482894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
28492894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
28502894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28512894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
28522894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
28532894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
28542894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
28552894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
28562894.9f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
28572894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
28582894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
28592894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
28602894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
28612894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28622894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
28632894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
28642894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
28652894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
28662894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28672894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28682894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28692894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28702894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28712894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28722894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28732894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
28742894.9f0: supR3HardenedDllNotificationCallback: load 00007ff81a770000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
28752894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
28762894.9f0: supR3HardenedDllNotificationCallback: load 00007ff81a7b0000 LB 0x0000c000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
28772894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28782894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a7b0000 'C:\WINDOWS\System32\msacm32.drv'
28792894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28802894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28812894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a7b0000 'C:\WINDOWS\System32\msacm32.drv'
28822894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28832894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28842894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a7b0000 'C:\WINDOWS\System32\msacm32.drv'
28852894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28862894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28872894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a7b0000 'C:\WINDOWS\System32\msacm32.drv'
28882894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28892894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28902894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a7b0000 'C:\WINDOWS\System32\msacm32.drv'
28912894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28922894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28932894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a7b0000 'C:\WINDOWS\System32\msacm32.drv'
28942894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28952894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28962894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a7b0000 'C:\WINDOWS\System32\msacm32.drv'
28972894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a7b0000 'C:\WINDOWS\System32\msacm32.drv'
28982894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a7b0000 'C:\WINDOWS\System32\msacm32.drv'
28992894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a7b0000 'C:\WINDOWS\System32\msacm32.drv'
29002894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b8 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
29012894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d72c10
29022894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d72c10
29032894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=725292B88FCE45C617EE0258A333B14CA2D7EF04
29042894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
29052894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ced0000 'C:\WINDOWS\System32\crypt32.dll'
29062894.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
29072894.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29082894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29092894.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
29102894.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
29112894.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
29122894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29132894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29142894.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29152894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29162894.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29172894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29182894.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
29192894.9f0: supR3HardenedDllNotificationCallback: load 00007ff81a760000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
29202894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
29212894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a760000 'C:\WINDOWS\System32\midimap.dll'
29222894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
29232894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29242894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a760000 'C:\WINDOWS\System32\midimap.dll'
29252894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
29262894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29272894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a760000 'C:\WINDOWS\System32\midimap.dll'
29282894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
29292894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29302894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a760000 'C:\WINDOWS\System32\midimap.dll'
29312894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29322894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29332894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29342894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29352894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29362894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29372894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29382894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29392894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29402894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29412894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29422894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29432894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29442894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29452894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29462894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29472894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29482894.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29492894.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29502894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe7e70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
29512894.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b8c0000 'C:\WINDOWS\system32\rsaenh.dll'
29522894.2ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29532894.2ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29542894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29552894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29562894.2ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29572894.2ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29582894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29592894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29602894.2ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29612894.2ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29622894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29632894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29642894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29652894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29662894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29672894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29682894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29692894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29702894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29712894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29722894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29732894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29742894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29752894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29762894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29772894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29782894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29792894.2ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29802894.2ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29812894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29822894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29832894.2ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
29842894.2ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29852894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29862894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29872894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29882894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29892894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29902894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29912894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29922894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29932894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29942894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29952894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29962894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29972894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
29982894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
29992894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30002894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30012894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30022894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30032894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30042894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30052894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30062894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30072894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30082894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30092894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30102894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30112894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30122894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30132894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30142894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30152894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30162894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30172894.2ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30182894.2ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30192894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30202894.2ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30212894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
30222894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
30232894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
30242894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
30252894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
30262894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
30272894.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
30282894.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30292894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
30302894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
30312894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
30322894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
30332894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
30342894.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d8e0000 'C:\WINDOWS\system32\shell32.dll'
30352894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30362894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30372894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30382894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30392894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30402894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30412894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30422894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30432894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30442894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30452894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30462894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30472894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30482894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30492894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30502894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30512894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30522894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30532894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30542894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30552894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30562894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30572894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30582894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30592894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30602894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30612894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30622894.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30632894.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30642894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30652894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30662894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30672894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30682894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30692894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30702894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30712894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30722894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30732894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30742894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30752894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30762894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30772894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30782894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30792894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30802894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30812894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30822894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30832894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30842894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30852894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30862894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30872894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30882894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30892894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6550000 'C:\WINDOWS\system32\dsound.dll'
30902894.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a730000 'C:\WINDOWS\System32\winmm.dll'
30912894.13ac: supR3HardenedDllNotificationCallback: Unload 00007ff817940000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
30922894.334c: supR3HardenedDllNotificationCallback: Unload 00007ff81a020000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
30932894.303c: supR3HardenedDllNotificationCallback: Unload 00007ff81a030000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
30942894.37e0: supR3HardenedDllNotificationCallback: Unload 00007ff81a060000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
30952894.13b0: supR3HardenedDllNotificationCallback: Unload 00007ff81a090000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
30962894.9f0: supR3HardenedDllNotificationCallback: Unload 00007ff80d680000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
30972894.9f0: supR3HardenedDllNotificationCallback: Unload 00007ff8152f0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
30982894.9f0: supR3HardenedDllNotificationCallback: Unload 00007ff817cc0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
30992894.9f0: supR3HardenedDllNotificationCallback: Unload 00007ff818750000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
31002894.9f0: supR3HardenedDllNotificationCallback: Unload 00007ff80d6a0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
31012894.9f0: supR3HardenedDllNotificationCallback: Unload 00007fffcc280000 LB 0x009c2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
31022894.9f0: supR3HardenedDllNotificationCallback: Unload 00007ff8081d0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
31032894.9f0: supR3HardenedDllNotificationCallback: Unload 00007ff815310000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
31042894.8ec: supR3HardenedDllNotificationCallback: Unload 00007ff81a7d0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
31052894.8ec: supR3HardenedDllNotificationCallback: Unload 00007ff8122a0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
31062894.8ec: supR3HardenedDllNotificationCallback: Unload 00007ff812920000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
31072894.8ec: supR3HardenedDllNotificationCallback: Unload 00007ff810a00000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
31082894.8ec: supR3HardenedDllNotificationCallback: Unload 00007ff810e30000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
31092894.8ec: Terminating the normal way: rcExit=0
31103208.25ac: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2518387 ms, the end);
3111207c.1288: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2518773 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy