VirtualBox

Ticket #17865: VBoxHardening.2.log

File VBoxHardening.2.log, 266.7 KB (added by MarcelloRothery, 6 years ago)

Old log, of June, when VirtualBox was still ok

Line 
12e90.33ec: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000070 g_uNtVerCombined=0xa0383900
22e90.33ec: \SystemRoot\System32\ntdll.dll:
32e90.33ec: CreationTime: 2017-02-22T13:40:30.554993000Z
42e90.33ec: LastWriteTime: 2017-02-22T13:40:30.554993000Z
52e90.33ec: ChangeTime: 2017-05-11T16:22:53.190297100Z
62e90.33ec: FileAttributes: 0x20
72e90.33ec: Size: 0x1cc888
82e90.33ec: NT Headers: 0xd8
92e90.33ec: Timestamp: 0x5825887f
102e90.33ec: Machine: 0x8664 - amd64
112e90.33ec: Timestamp: 0x5825887f
122e90.33ec: Image Version: 10.0
132e90.33ec: SizeOfImage: 0x1d1000 (1904640)
142e90.33ec: Resource Dir: 0x168000 LB 0x67988
152e90.33ec: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162e90.33ec: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)]
172e90.33ec: ProductName: Microsoft® Windows® Operating System
182e90.33ec: ProductVersion: 10.0.14393.479
192e90.33ec: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
202e90.33ec: FileDescription: NT Layer DLL
212e90.33ec: \SystemRoot\System32\kernel32.dll:
222e90.33ec: CreationTime: 2017-05-11T16:08:36.019730300Z
232e90.33ec: LastWriteTime: 2017-04-28T00:49:43.332433600Z
242e90.33ec: ChangeTime: 2017-05-16T22:52:25.717256000Z
252e90.33ec: FileAttributes: 0x20
262e90.33ec: Size: 0xab208
272e90.33ec: NT Headers: 0xf0
282e90.33ec: Timestamp: 0x59028368
292e90.33ec: Machine: 0x8664 - amd64
302e90.33ec: Timestamp: 0x59028368
312e90.33ec: Image Version: 10.0
322e90.33ec: SizeOfImage: 0xac000 (704512)
332e90.33ec: Resource Dir: 0xaa000 LB 0x530
342e90.33ec: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352e90.33ec: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)]
362e90.33ec: ProductName: Microsoft® Windows® Operating System
372e90.33ec: ProductVersion: 10.0.14393.1198
382e90.33ec: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
392e90.33ec: FileDescription: Windows NT BASE API Client DLL
402e90.33ec: \SystemRoot\System32\KernelBase.dll:
412e90.33ec: CreationTime: 2017-05-11T16:09:39.444485500Z
422e90.33ec: LastWriteTime: 2017-04-28T00:53:45.822385100Z
432e90.33ec: ChangeTime: 2017-05-16T22:52:44.312988300Z
442e90.33ec: FileAttributes: 0x20
452e90.33ec: Size: 0x21c780
462e90.33ec: NT Headers: 0xf8
472e90.33ec: Timestamp: 0x5902808f
482e90.33ec: Machine: 0x8664 - amd64
492e90.33ec: Timestamp: 0x5902808f
502e90.33ec: Image Version: 10.0
512e90.33ec: SizeOfImage: 0x21d000 (2215936)
522e90.33ec: Resource Dir: 0x201000 LB 0x558
532e90.33ec: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542e90.33ec: [Raw version resource data: 0x2010b0 LB 0x3cc, codepage 0x0 (reserved 0x0)]
552e90.33ec: ProductName: Microsoft® Windows® Operating System
562e90.33ec: ProductVersion: 10.0.14393.1198
572e90.33ec: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
582e90.33ec: FileDescription: Windows NT BASE API Client DLL
592e90.33ec: \SystemRoot\System32\apisetschema.dll:
602e90.33ec: CreationTime: 2016-07-16T11:42:21.577586000Z
612e90.33ec: LastWriteTime: 2016-07-16T11:42:21.577586000Z
622e90.33ec: ChangeTime: 2017-02-22T13:23:34.571806800Z
632e90.33ec: FileAttributes: 0x20
642e90.33ec: Size: 0x18960
652e90.33ec: NT Headers: 0xc8
662e90.33ec: Timestamp: 0x57899bd2
672e90.33ec: Machine: 0x8664 - amd64
682e90.33ec: Timestamp: 0x57899bd2
692e90.33ec: Image Version: 10.0
702e90.33ec: SizeOfImage: 0x19000 (102400)
712e90.33ec: Resource Dir: 0x18000 LB 0x400
722e90.33ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732e90.33ec: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
742e90.33ec: ProductName: Microsoft® Windows® Operating System
752e90.33ec: ProductVersion: 10.0.14393.0
762e90.33ec: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
772e90.33ec: FileDescription: ApiSet Schema DLL
782e90.33ec: NtOpenDirectoryObject failed on \Driver: 0xc0000022
792e90.33ec: supR3HardenedWinFindAdversaries: 0x20
802e90.33ec: \SystemRoot\System32\drivers\cfwids.sys:
812e90.33ec: CreationTime: 2015-07-02T17:33:00.000000000Z
822e90.33ec: LastWriteTime: 2017-01-20T13:07:50.000000000Z
832e90.33ec: ChangeTime: 2017-03-28T21:42:50.468034700Z
842e90.33ec: FileAttributes: 0x20
852e90.33ec: Size: 0x15990
862e90.33ec: NT Headers: 0xe0
872e90.33ec: Timestamp: 0x587f9e8a
882e90.33ec: Machine: 0x8664 - amd64
892e90.33ec: Timestamp: 0x587f9e8a
902e90.33ec: Image Version: 0.0
912e90.33ec: SizeOfImage: 0x16000 (90112)
922e90.33ec: Resource Dir: 0x14000 LB 0x550
932e90.33ec: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
942e90.33ec: [Raw version resource data: 0x140a0 LB 0x318, codepage 0x0 (reserved 0x0)]
952e90.33ec: ProductName: SYSCORE
962e90.33ec: ProductVersion: 15.6.0.1220
972e90.33ec: FileVersion: SYSCORE.15.6.0.1220
982e90.33ec: PrivateBuild: SYSCORE.15.6.0.1220
992e90.33ec: FileDescription: McAfee Personal Firewall IDS Plugin
1002e90.33ec: \SystemRoot\System32\drivers\mfeavfk.sys:
1012e90.33ec: CreationTime: 2015-07-02T17:33:00.000000000Z
1022e90.33ec: LastWriteTime: 2017-01-20T13:07:50.000000000Z
1032e90.33ec: ChangeTime: 2017-03-28T21:42:42.618811300Z
1042e90.33ec: FileAttributes: 0x20
1052e90.33ec: Size: 0x596f8
1062e90.33ec: NT Headers: 0xe8
1072e90.33ec: Timestamp: 0x587f9e28
1082e90.33ec: Machine: 0x8664 - amd64
1092e90.33ec: Timestamp: 0x587f9e28
1102e90.33ec: Image Version: 0.0
1112e90.33ec: SizeOfImage: 0x59000 (364544)
1122e90.33ec: Resource Dir: 0x57000 LB 0x758
1132e90.33ec: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1142e90.33ec: [Raw version resource data: 0x57110 LB 0x334, codepage 0x0 (reserved 0x0)]
1152e90.33ec: ProductName: SYSCORE
1162e90.33ec: ProductVersion: 15.6.0.1220
1172e90.33ec: FileVersion: SYSCORE.15.6.0.1220
1182e90.33ec: PrivateBuild: SYSCORE.15.6.0.1220 F15,F16,F19
1192e90.33ec: FileDescription: Anti-Virus File System Filter Driver
1202e90.33ec: \SystemRoot\System32\drivers\mfefirek.sys:
1212e90.33ec: CreationTime: 2015-07-02T17:33:00.000000000Z
1222e90.33ec: LastWriteTime: 2017-01-20T13:07:50.000000000Z
1232e90.33ec: ChangeTime: 2017-03-28T21:42:50.250806300Z
1242e90.33ec: FileAttributes: 0x20
1252e90.33ec: Size: 0x7ea30
1262e90.33ec: NT Headers: 0xe0
1272e90.33ec: Timestamp: 0x587f9e6d
1282e90.33ec: Machine: 0x8664 - amd64
1292e90.33ec: Timestamp: 0x587f9e6d
1302e90.33ec: Image Version: 0.0
1312e90.33ec: SizeOfImage: 0x7f000 (520192)
1322e90.33ec: Resource Dir: 0x7b000 LB 0x388
1332e90.33ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1342e90.33ec: [Raw version resource data: 0x7b060 LB 0x328, codepage 0x0 (reserved 0x0)]
1352e90.33ec: ProductName: SYSCORE
1362e90.33ec: ProductVersion: 15.6.0.1220
1372e90.33ec: FileVersion: SYSCORE.15.6.0.1220
1382e90.33ec: PrivateBuild: SYSCORE.15.6.0.1220 F17,F18
1392e90.33ec: FileDescription: McAfee Core Firewall Engine Driver
1402e90.33ec: \SystemRoot\System32\drivers\mfehidk.sys:
1412e90.33ec: CreationTime: 2015-07-02T17:33:00.000000000Z
1422e90.33ec: LastWriteTime: 2017-01-20T13:07:50.000000000Z
1432e90.33ec: ChangeTime: 2017-03-28T21:42:48.857123000Z
1442e90.33ec: FileAttributes: 0x20
1452e90.33ec: Size: 0xe17f8
1462e90.33ec: NT Headers: 0x100
1472e90.33ec: Timestamp: 0x587f9df5
1482e90.33ec: Machine: 0x8664 - amd64
1492e90.33ec: Timestamp: 0x587f9df5
1502e90.33ec: Image Version: 0.0
1512e90.33ec: SizeOfImage: 0xe8000 (950272)
1522e90.33ec: Resource Dir: 0xe4000 LB 0x758
1532e90.33ec: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1542e90.33ec: [Raw version resource data: 0xe4110 LB 0x320, codepage 0x0 (reserved 0x0)]
1552e90.33ec: ProductName: SYSCORE
1562e90.33ec: ProductVersion: 15.6.0.1220
1572e90.33ec: FileVersion: SYSCORE.15.6.0.1220
1582e90.33ec: PrivateBuild: SYSCORE.15.6.0.1220 F14,F15,F16,F18,F20
1592e90.33ec: FileDescription: McAfee Link Driver
1602e90.33ec: \SystemRoot\System32\drivers\mfencbdc.sys:
1612e90.33ec: CreationTime: 2017-01-19T03:31:06.000000000Z
1622e90.33ec: LastWriteTime: 2017-01-19T03:31:06.000000000Z
1632e90.33ec: ChangeTime: 2017-03-28T21:44:21.789292000Z
1642e90.33ec: FileAttributes: 0x20
1652e90.33ec: Size: 0x79bd8
1662e90.33ec: NT Headers: 0xe0
1672e90.33ec: Timestamp: 0x587cd349
1682e90.33ec: Machine: 0x8664 - amd64
1692e90.33ec: Timestamp: 0x587cd349
1702e90.33ec: Image Version: 0.0
1712e90.33ec: SizeOfImage: 0x7c000 (507904)
1722e90.33ec: Resource Dir: 0x7a000 LB 0x3d8
1732e90.33ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1742e90.33ec: [Raw version resource data: 0x7a060 LB 0x378, codepage 0x0 (reserved 0x0)]
1752e90.33ec: ProductName: Anti-Malware Core
1762e90.33ec: ProductVersion: 1.5.0
1772e90.33ec: FileVersion: Anti-Malware Core.1.5.0.1983.x64
1782e90.33ec: PrivateBuild: Anti-Malware Core.1.5.0.1983.x64
1792e90.33ec: FileDescription: Event Driver
1802e90.33ec: \SystemRoot\System32\drivers\mfewfpk.sys:
1812e90.33ec: CreationTime: 2015-07-02T17:33:00.000000000Z
1822e90.33ec: LastWriteTime: 2017-01-20T13:07:50.000000000Z
1832e90.33ec: ChangeTime: 2017-03-28T21:42:47.178414300Z
1842e90.33ec: FileAttributes: 0x20
1852e90.33ec: Size: 0x3e350
1862e90.33ec: NT Headers: 0xf0
1872e90.33ec: Timestamp: 0x587f9e01
1882e90.33ec: Machine: 0x8664 - amd64
1892e90.33ec: Timestamp: 0x587f9e01
1902e90.33ec: Image Version: 0.0
1912e90.33ec: SizeOfImage: 0x59000 (364544)
1922e90.33ec: Resource Dir: 0x57000 LB 0x380
1932e90.33ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1942e90.33ec: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
1952e90.33ec: ProductName: SYSCORE
1962e90.33ec: ProductVersion: 15.6.0.1220
1972e90.33ec: FileVersion: SYSCORE.15.6.0.1220
1982e90.33ec: PrivateBuild: SYSCORE.15.6.0.1220 F17,F18
1992e90.33ec: FileDescription: Anti-Virus Mini-Firewall Driver
2002e90.33ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2012e90.33ec: Calling main()
2022e90.33ec: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
2032e90.33ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2042e90.33ec: SUPR3HardenedMain: Respawn #1
2052e90.33ec: System32: \Device\HarddiskVolume3\Windows\System32
2062e90.33ec: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2072e90.33ec: KnownDllPath: C:\WINDOWS\System32
2082e90.33ec: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
2092e90.33ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
2102e90.33ec: supR3HardNtEnableThreadCreation:
2112e90.33ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb90bc9fa0 pvNtTerminateThread=00007ffb90bf6b20
2122e90.33ec: supR3HardenedWinDoReSpawn(1): New child 311c.2830 [kernel32].
2132e90.33ec: supR3HardNtChildGatherData: PebBaseAddress=000000000041c000 cbPeb=0x388
2142e90.33ec: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb90b50000 uNtDllChildAddr=00007ffb90b50000
2152e90.33ec: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb90bc9fa0
2162e90.33ec: supR3HardenedWinSetupChildInit: Start child.
2172e90.33ec: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2182e90.33ec: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 61 sleeps
2192e90.33ec: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2202e90.33ec: *0000000000000000-00000000003affff 0x0001/0x0000 0x0000000
2212e90.33ec: *00000000003b0000-00000000003cffff 0x0004/0x0004 0x0020000
2222e90.33ec: *00000000003d0000-00000000003e5fff 0x0002/0x0002 0x0040000
2232e90.33ec: 00000000003e6000-00000000003effff 0x0001/0x0000 0x0000000
2242e90.33ec: *00000000003f0000-00000000003f3fff 0x0002/0x0002 0x0040000
2252e90.33ec: 00000000003f4000-00000000003fffff 0x0001/0x0000 0x0000000
2262e90.33ec: *0000000000400000-000000000041bfff 0x0000/0x0004 0x0020000
2272e90.33ec: 000000000041c000-000000000041efff 0x0004/0x0004 0x0020000
2282e90.33ec: 000000000041f000-00000000005fffff 0x0000/0x0004 0x0020000
2292e90.33ec: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
2302e90.33ec: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
2312e90.33ec: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
2322e90.33ec: *0000000000700000-0000000000701fff 0x0004/0x0004 0x0020000
2332e90.33ec: 0000000000702000-000000007ffdffff 0x0001/0x0000 0x0000000
2342e90.33ec: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2352e90.33ec: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2362e90.33ec: 000000007fff0000-00007ff7ff65ffff 0x0001/0x0000 0x0000000
2372e90.33ec: *00007ff7ff660000-00007ff7ff682fff 0x0002/0x0002 0x0040000
2382e90.33ec: 00007ff7ff683000-00007ff7ff70ffff 0x0001/0x0000 0x0000000
2392e90.33ec: *00007ff7ff710000-00007ff7ff710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2402e90.33ec: 00007ff7ff711000-00007ff7ff780fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2412e90.33ec: 00007ff7ff781000-00007ff7ff781fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2422e90.33ec: 00007ff7ff782000-00007ff7ff7c6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2432e90.33ec: 00007ff7ff7c7000-00007ff7ff7c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2442e90.33ec: 00007ff7ff7c8000-00007ff7ff7c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2452e90.33ec: 00007ff7ff7c9000-00007ff7ff7cdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2462e90.33ec: 00007ff7ff7ce000-00007ff7ff7cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2472e90.33ec: 00007ff7ff7cf000-00007ff7ff7cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2482e90.33ec: 00007ff7ff7d0000-00007ff7ff7d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2492e90.33ec: 00007ff7ff7d4000-00007ff7ff81bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2502e90.33ec: 00007ff7ff81c000-00007ffb90b4ffff 0x0001/0x0000 0x0000000
2512e90.33ec: *00007ffb90b50000-00007ffb90b50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2522e90.33ec: 00007ffb90b51000-00007ffb90c57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2532e90.33ec: 00007ffb90c58000-00007ffb90c9bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2542e90.33ec: 00007ffb90c9c000-00007ffb90ca4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2552e90.33ec: 00007ffb90ca5000-00007ffb90cb2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2562e90.33ec: 00007ffb90cb3000-00007ffb90cb3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2572e90.33ec: 00007ffb90cb4000-00007ffb90cb6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2582e90.33ec: 00007ffb90cb7000-00007ffb90d20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2592e90.33ec: 00007ffb90d21000-00007ffffffdffff 0x0001/0x0000 0x0000000
2602e90.33ec: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
2612e90.33ec: VBoxHeadless.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
2622e90.33ec: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
2632e90.33ec: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2642e90.33ec: supR3HardNtChildPurify: Done after 567 ms and 0 fixes (loop #0).
265311c.2830: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0383900
266311c.2830: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb90b50000 g_uNtVerCombined=0xa0383900
2672e90.33ec: supR3HardNtEnableThreadCreation:
268311c.2830: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
269311c.2830: New simple heap: #1 0000000000810000 LB 0x400000 (for 1904640 allocation)
270311c.2830: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
271311c.2830: System32: \Device\HarddiskVolume3\Windows\System32
272311c.2830: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
273311c.2830: KnownDllPath: C:\WINDOWS\System32
274311c.2830: supR3HardenedVmProcessInit: Opening vboxdrv stub...
275311c.2830: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
276311c.2830: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
277311c.2830: Registered Dll notification callback with NTDLL.
278311c.2830: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
279311c.2830: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
280311c.2830: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
281311c.2830: supR3HardenedDllNotificationCallback: load 00007ffb8d040000 LB 0x0021d000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
282311c.2830: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
283311c.2830: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
284311c.2830: supR3HardenedDllNotificationCallback: load 00007ffb8e670000 LB 0x000ac000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
285311c.2830: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
286311c.2830: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e670000 'C:\WINDOWS\System32\KERNEL32.DLL'
287311c.2830: supR3HardenedDllNotificationCallback: load 00007ff7ff710000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
288311c.2830: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
289311c.2830: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
290311c.2830: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
291311c.2830: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb90bc9fa0 pvNtTerminateThread=00007ffb90bf6b20
2922e90.33ec: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 79 ms.
293311c.2830: \SystemRoot\System32\ntdll.dll:
294311c.2830: CreationTime: 2017-02-22T13:40:30.554993000Z
295311c.2830: LastWriteTime: 2017-02-22T13:40:30.554993000Z
296311c.2830: ChangeTime: 2017-05-11T16:22:53.190297100Z
297311c.2830: FileAttributes: 0x20
298311c.2830: Size: 0x1cc888
299311c.2830: NT Headers: 0xd8
300311c.2830: Timestamp: 0x5825887f
301311c.2830: Machine: 0x8664 - amd64
302311c.2830: Timestamp: 0x5825887f
303311c.2830: Image Version: 10.0
304311c.2830: SizeOfImage: 0x1d1000 (1904640)
305311c.2830: Resource Dir: 0x168000 LB 0x67988
306311c.2830: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
307311c.2830: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)]
308311c.2830: ProductName: Microsoft® Windows® Operating System
309311c.2830: ProductVersion: 10.0.14393.479
310311c.2830: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
311311c.2830: FileDescription: NT Layer DLL
312311c.2830: \SystemRoot\System32\kernel32.dll:
313311c.2830: CreationTime: 2017-05-11T16:08:36.019730300Z
314311c.2830: LastWriteTime: 2017-04-28T00:49:43.332433600Z
315311c.2830: ChangeTime: 2017-05-16T22:52:25.717256000Z
316311c.2830: FileAttributes: 0x20
317311c.2830: Size: 0xab208
318311c.2830: NT Headers: 0xf0
319311c.2830: Timestamp: 0x59028368
320311c.2830: Machine: 0x8664 - amd64
321311c.2830: Timestamp: 0x59028368
322311c.2830: Image Version: 10.0
323311c.2830: SizeOfImage: 0xac000 (704512)
324311c.2830: Resource Dir: 0xaa000 LB 0x530
325311c.2830: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
326311c.2830: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)]
327311c.2830: ProductName: Microsoft® Windows® Operating System
328311c.2830: ProductVersion: 10.0.14393.1198
329311c.2830: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
330311c.2830: FileDescription: Windows NT BASE API Client DLL
331311c.2830: \SystemRoot\System32\KernelBase.dll:
332311c.2830: CreationTime: 2017-05-11T16:09:39.444485500Z
333311c.2830: LastWriteTime: 2017-04-28T00:53:45.822385100Z
334311c.2830: ChangeTime: 2017-05-16T22:52:44.312988300Z
335311c.2830: FileAttributes: 0x20
336311c.2830: Size: 0x21c780
337311c.2830: NT Headers: 0xf8
338311c.2830: Timestamp: 0x5902808f
339311c.2830: Machine: 0x8664 - amd64
340311c.2830: Timestamp: 0x5902808f
341311c.2830: Image Version: 10.0
342311c.2830: SizeOfImage: 0x21d000 (2215936)
343311c.2830: Resource Dir: 0x201000 LB 0x558
344311c.2830: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
345311c.2830: [Raw version resource data: 0x2010b0 LB 0x3cc, codepage 0x0 (reserved 0x0)]
346311c.2830: ProductName: Microsoft® Windows® Operating System
347311c.2830: ProductVersion: 10.0.14393.1198
348311c.2830: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
349311c.2830: FileDescription: Windows NT BASE API Client DLL
350311c.2830: \SystemRoot\System32\apisetschema.dll:
351311c.2830: CreationTime: 2016-07-16T11:42:21.577586000Z
352311c.2830: LastWriteTime: 2016-07-16T11:42:21.577586000Z
353311c.2830: ChangeTime: 2017-02-22T13:23:34.571806800Z
354311c.2830: FileAttributes: 0x20
355311c.2830: Size: 0x18960
356311c.2830: NT Headers: 0xc8
357311c.2830: Timestamp: 0x57899bd2
358311c.2830: Machine: 0x8664 - amd64
359311c.2830: Timestamp: 0x57899bd2
360311c.2830: Image Version: 10.0
361311c.2830: SizeOfImage: 0x19000 (102400)
362311c.2830: Resource Dir: 0x18000 LB 0x400
363311c.2830: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
364311c.2830: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
365311c.2830: ProductName: Microsoft® Windows® Operating System
366311c.2830: ProductVersion: 10.0.14393.0
367311c.2830: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
368311c.2830: FileDescription: ApiSet Schema DLL
369311c.2830: NtOpenDirectoryObject failed on \Driver: 0xc0000022
370311c.2830: supR3HardenedWinFindAdversaries: 0x20
371311c.2830: \SystemRoot\System32\drivers\cfwids.sys:
372311c.2830: CreationTime: 2015-07-02T17:33:00.000000000Z
373311c.2830: LastWriteTime: 2017-01-20T13:07:50.000000000Z
374311c.2830: ChangeTime: 2017-03-28T21:42:50.468034700Z
375311c.2830: FileAttributes: 0x20
376311c.2830: Size: 0x15990
377311c.2830: NT Headers: 0xe0
378311c.2830: Timestamp: 0x587f9e8a
379311c.2830: Machine: 0x8664 - amd64
380311c.2830: Timestamp: 0x587f9e8a
381311c.2830: Image Version: 0.0
382311c.2830: SizeOfImage: 0x16000 (90112)
383311c.2830: Resource Dir: 0x14000 LB 0x550
384311c.2830: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
385311c.2830: [Raw version resource data: 0x140a0 LB 0x318, codepage 0x0 (reserved 0x0)]
386311c.2830: ProductName: SYSCORE
387311c.2830: ProductVersion: 15.6.0.1220
388311c.2830: FileVersion: SYSCORE.15.6.0.1220
389311c.2830: PrivateBuild: SYSCORE.15.6.0.1220
390311c.2830: FileDescription: McAfee Personal Firewall IDS Plugin
391311c.2830: \SystemRoot\System32\drivers\mfeavfk.sys:
392311c.2830: CreationTime: 2015-07-02T17:33:00.000000000Z
393311c.2830: LastWriteTime: 2017-01-20T13:07:50.000000000Z
394311c.2830: ChangeTime: 2017-03-28T21:42:42.618811300Z
395311c.2830: FileAttributes: 0x20
396311c.2830: Size: 0x596f8
397311c.2830: NT Headers: 0xe8
398311c.2830: Timestamp: 0x587f9e28
399311c.2830: Machine: 0x8664 - amd64
400311c.2830: Timestamp: 0x587f9e28
401311c.2830: Image Version: 0.0
402311c.2830: SizeOfImage: 0x59000 (364544)
403311c.2830: Resource Dir: 0x57000 LB 0x758
404311c.2830: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
405311c.2830: [Raw version resource data: 0x57110 LB 0x334, codepage 0x0 (reserved 0x0)]
406311c.2830: ProductName: SYSCORE
407311c.2830: ProductVersion: 15.6.0.1220
408311c.2830: FileVersion: SYSCORE.15.6.0.1220
409311c.2830: PrivateBuild: SYSCORE.15.6.0.1220 F15,F16,F19
410311c.2830: FileDescription: Anti-Virus File System Filter Driver
411311c.2830: \SystemRoot\System32\drivers\mfefirek.sys:
412311c.2830: CreationTime: 2015-07-02T17:33:00.000000000Z
413311c.2830: LastWriteTime: 2017-01-20T13:07:50.000000000Z
414311c.2830: ChangeTime: 2017-03-28T21:42:50.250806300Z
415311c.2830: FileAttributes: 0x20
416311c.2830: Size: 0x7ea30
417311c.2830: NT Headers: 0xe0
418311c.2830: Timestamp: 0x587f9e6d
419311c.2830: Machine: 0x8664 - amd64
420311c.2830: Timestamp: 0x587f9e6d
421311c.2830: Image Version: 0.0
422311c.2830: SizeOfImage: 0x7f000 (520192)
423311c.2830: Resource Dir: 0x7b000 LB 0x388
424311c.2830: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
425311c.2830: [Raw version resource data: 0x7b060 LB 0x328, codepage 0x0 (reserved 0x0)]
426311c.2830: ProductName: SYSCORE
427311c.2830: ProductVersion: 15.6.0.1220
428311c.2830: FileVersion: SYSCORE.15.6.0.1220
429311c.2830: PrivateBuild: SYSCORE.15.6.0.1220 F17,F18
430311c.2830: FileDescription: McAfee Core Firewall Engine Driver
431311c.2830: \SystemRoot\System32\drivers\mfehidk.sys:
432311c.2830: CreationTime: 2015-07-02T17:33:00.000000000Z
433311c.2830: LastWriteTime: 2017-01-20T13:07:50.000000000Z
434311c.2830: ChangeTime: 2017-03-28T21:42:48.857123000Z
435311c.2830: FileAttributes: 0x20
436311c.2830: Size: 0xe17f8
437311c.2830: NT Headers: 0x100
438311c.2830: Timestamp: 0x587f9df5
439311c.2830: Machine: 0x8664 - amd64
440311c.2830: Timestamp: 0x587f9df5
441311c.2830: Image Version: 0.0
442311c.2830: SizeOfImage: 0xe8000 (950272)
443311c.2830: Resource Dir: 0xe4000 LB 0x758
444311c.2830: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
445311c.2830: [Raw version resource data: 0xe4110 LB 0x320, codepage 0x0 (reserved 0x0)]
446311c.2830: ProductName: SYSCORE
447311c.2830: ProductVersion: 15.6.0.1220
448311c.2830: FileVersion: SYSCORE.15.6.0.1220
449311c.2830: PrivateBuild: SYSCORE.15.6.0.1220 F14,F15,F16,F18,F20
450311c.2830: FileDescription: McAfee Link Driver
451311c.2830: \SystemRoot\System32\drivers\mfencbdc.sys:
452311c.2830: CreationTime: 2017-01-19T03:31:06.000000000Z
453311c.2830: LastWriteTime: 2017-01-19T03:31:06.000000000Z
454311c.2830: ChangeTime: 2017-03-28T21:44:21.789292000Z
455311c.2830: FileAttributes: 0x20
456311c.2830: Size: 0x79bd8
457311c.2830: NT Headers: 0xe0
458311c.2830: Timestamp: 0x587cd349
459311c.2830: Machine: 0x8664 - amd64
460311c.2830: Timestamp: 0x587cd349
461311c.2830: Image Version: 0.0
462311c.2830: SizeOfImage: 0x7c000 (507904)
463311c.2830: Resource Dir: 0x7a000 LB 0x3d8
464311c.2830: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
465311c.2830: [Raw version resource data: 0x7a060 LB 0x378, codepage 0x0 (reserved 0x0)]
466311c.2830: ProductName: Anti-Malware Core
467311c.2830: ProductVersion: 1.5.0
468311c.2830: FileVersion: Anti-Malware Core.1.5.0.1983.x64
469311c.2830: PrivateBuild: Anti-Malware Core.1.5.0.1983.x64
470311c.2830: FileDescription: Event Driver
471311c.2830: \SystemRoot\System32\drivers\mfewfpk.sys:
472311c.2830: CreationTime: 2015-07-02T17:33:00.000000000Z
473311c.2830: LastWriteTime: 2017-01-20T13:07:50.000000000Z
474311c.2830: ChangeTime: 2017-03-28T21:42:47.178414300Z
475311c.2830: FileAttributes: 0x20
476311c.2830: Size: 0x3e350
477311c.2830: NT Headers: 0xf0
478311c.2830: Timestamp: 0x587f9e01
479311c.2830: Machine: 0x8664 - amd64
480311c.2830: Timestamp: 0x587f9e01
481311c.2830: Image Version: 0.0
482311c.2830: SizeOfImage: 0x59000 (364544)
483311c.2830: Resource Dir: 0x57000 LB 0x380
484311c.2830: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
485311c.2830: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
486311c.2830: ProductName: SYSCORE
487311c.2830: ProductVersion: 15.6.0.1220
488311c.2830: FileVersion: SYSCORE.15.6.0.1220
489311c.2830: PrivateBuild: SYSCORE.15.6.0.1220 F17,F18
490311c.2830: FileDescription: Anti-Virus Mini-Firewall Driver
491311c.2830: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
492311c.2830: Calling main()
493311c.2830: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
494311c.2830: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
495311c.2830: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
496311c.2830: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
497311c.2830: SUPR3HardenedMain: Respawn #2
498311c.2830: supR3HardNtEnableThreadCreation:
499311c.2830: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb90bc9fa0 pvNtTerminateThread=00007ffb90bf6b20
500311c.2830: supR3HardenedWinDoReSpawn(2): New child 2108.3634 [kernel32].
501311c.2830: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
502311c.2830: supR3HardNtChildGatherData: PebBaseAddress=0000000000217000 cbPeb=0x388
503311c.2830: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb90b50000 uNtDllChildAddr=00007ffb90b50000
504311c.2830: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb90bc9fa0
505311c.2830: supR3HardenedWinSetupChildInit: Start child.
506311c.2830: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
507311c.2830: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 62 sleeps
508311c.2830: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
509311c.2830: *0000000000000000-000000000009ffff 0x0001/0x0000 0x0000000
510311c.2830: *00000000000a0000-00000000000bffff 0x0004/0x0004 0x0020000
511311c.2830: *00000000000c0000-00000000000d5fff 0x0002/0x0002 0x0040000
512311c.2830: 00000000000d6000-00000000000dffff 0x0001/0x0000 0x0000000
513311c.2830: *00000000000e0000-00000000001dafff 0x0000/0x0004 0x0020000
514311c.2830: 00000000001db000-00000000001ddfff 0x0104/0x0004 0x0020000
515311c.2830: 00000000001de000-00000000001dffff 0x0004/0x0004 0x0020000
516311c.2830: *00000000001e0000-00000000001e3fff 0x0002/0x0002 0x0040000
517311c.2830: 00000000001e4000-00000000001effff 0x0001/0x0000 0x0000000
518311c.2830: *00000000001f0000-00000000001f1fff 0x0004/0x0004 0x0020000
519311c.2830: 00000000001f2000-00000000001fffff 0x0001/0x0000 0x0000000
520311c.2830: *0000000000200000-0000000000216fff 0x0000/0x0004 0x0020000
521311c.2830: 0000000000217000-0000000000219fff 0x0004/0x0004 0x0020000
522311c.2830: 000000000021a000-00000000003fffff 0x0000/0x0004 0x0020000
523311c.2830: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
524311c.2830: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
525311c.2830: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
526311c.2830: 000000007fff0000-00007ff7fee7ffff 0x0001/0x0000 0x0000000
527311c.2830: *00007ff7fee80000-00007ff7feea2fff 0x0002/0x0002 0x0040000
528311c.2830: 00007ff7feea3000-00007ff7ff70ffff 0x0001/0x0000 0x0000000
529311c.2830: *00007ff7ff710000-00007ff7ff710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
530311c.2830: 00007ff7ff711000-00007ff7ff780fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
531311c.2830: 00007ff7ff781000-00007ff7ff781fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
532311c.2830: 00007ff7ff782000-00007ff7ff7c6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
533311c.2830: 00007ff7ff7c7000-00007ff7ff7c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
534311c.2830: 00007ff7ff7c8000-00007ff7ff7c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
535311c.2830: 00007ff7ff7c9000-00007ff7ff7cdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
536311c.2830: 00007ff7ff7ce000-00007ff7ff7cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
537311c.2830: 00007ff7ff7cf000-00007ff7ff7cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
538311c.2830: 00007ff7ff7d0000-00007ff7ff7d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
539311c.2830: 00007ff7ff7d4000-00007ff7ff81bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
540311c.2830: 00007ff7ff81c000-00007ffb90b4ffff 0x0001/0x0000 0x0000000
541311c.2830: *00007ffb90b50000-00007ffb90b50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
542311c.2830: 00007ffb90b51000-00007ffb90c57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
543311c.2830: 00007ffb90c58000-00007ffb90c9bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
544311c.2830: 00007ffb90c9c000-00007ffb90ca4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
545311c.2830: 00007ffb90ca5000-00007ffb90cb2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
546311c.2830: 00007ffb90cb3000-00007ffb90cb3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
547311c.2830: 00007ffb90cb4000-00007ffb90cb6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
548311c.2830: 00007ffb90cb7000-00007ffb90d20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
549311c.2830: 00007ffb90d21000-00007ffffffdffff 0x0001/0x0000 0x0000000
550311c.2830: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
551311c.2830: VBoxHeadless.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
552311c.2830: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
553311c.2830: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
554311c.2830: supR3HardNtChildPurify: Done after 573 ms and 0 fixes (loop #0).
5552108.3634: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0383900
5562108.3634: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb90b50000 g_uNtVerCombined=0xa0383900
557311c.2830: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000810000 LB 0x400000)
5582108.3634: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
5592108.3634: New simple heap: #1 0000000000500000 LB 0x400000 (for 1904640 allocation)
560311c.2830: supR3HardNtEnableThreadCreation:
5612108.3634: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5622108.3634: System32: \Device\HarddiskVolume3\Windows\System32
5632108.3634: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
5642108.3634: KnownDllPath: C:\WINDOWS\System32
5652108.3634: supR3HardenedVmProcessInit: Opening vboxdrv...
5662108.3634: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5672108.3634: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5682108.3634: Registered Dll notification callback with NTDLL.
5692108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
5702108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
5712108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
5722108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8d040000 LB 0x0021d000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
5732108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
5742108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
5752108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8e670000 LB 0x000ac000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
5762108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5772108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e670000 'C:\WINDOWS\System32\KERNEL32.DLL'
5782108.3634: supR3HardenedDllNotificationCallback: load 00007ff7ff710000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
5792108.3634: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
5802108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
5812108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5822108.3634: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb90bc9fa0 pvNtTerminateThread=00007ffb90bf6b20
583311c.2830: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 89 ms.
5842108.3634: \SystemRoot\System32\ntdll.dll:
5852108.3634: CreationTime: 2017-02-22T13:40:30.554993000Z
5862108.3634: LastWriteTime: 2017-02-22T13:40:30.554993000Z
5872108.3634: ChangeTime: 2017-05-11T16:22:53.190297100Z
5882108.3634: FileAttributes: 0x20
5892108.3634: Size: 0x1cc888
5902108.3634: NT Headers: 0xd8
5912108.3634: Timestamp: 0x5825887f
5922108.3634: Machine: 0x8664 - amd64
5932108.3634: Timestamp: 0x5825887f
5942108.3634: Image Version: 10.0
5952108.3634: SizeOfImage: 0x1d1000 (1904640)
5962108.3634: Resource Dir: 0x168000 LB 0x67988
5972108.3634: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5982108.3634: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)]
5992108.3634: ProductName: Microsoft® Windows® Operating System
6002108.3634: ProductVersion: 10.0.14393.479
6012108.3634: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
6022108.3634: FileDescription: NT Layer DLL
6032108.3634: \SystemRoot\System32\kernel32.dll:
6042108.3634: CreationTime: 2017-05-11T16:08:36.019730300Z
6052108.3634: LastWriteTime: 2017-04-28T00:49:43.332433600Z
6062108.3634: ChangeTime: 2017-05-16T22:52:25.717256000Z
6072108.3634: FileAttributes: 0x20
6082108.3634: Size: 0xab208
6092108.3634: NT Headers: 0xf0
6102108.3634: Timestamp: 0x59028368
6112108.3634: Machine: 0x8664 - amd64
6122108.3634: Timestamp: 0x59028368
6132108.3634: Image Version: 10.0
6142108.3634: SizeOfImage: 0xac000 (704512)
6152108.3634: Resource Dir: 0xaa000 LB 0x530
6162108.3634: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6172108.3634: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)]
6182108.3634: ProductName: Microsoft® Windows® Operating System
6192108.3634: ProductVersion: 10.0.14393.1198
6202108.3634: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
6212108.3634: FileDescription: Windows NT BASE API Client DLL
6222108.3634: \SystemRoot\System32\KernelBase.dll:
6232108.3634: CreationTime: 2017-05-11T16:09:39.444485500Z
6242108.3634: LastWriteTime: 2017-04-28T00:53:45.822385100Z
6252108.3634: ChangeTime: 2017-05-16T22:52:44.312988300Z
6262108.3634: FileAttributes: 0x20
6272108.3634: Size: 0x21c780
6282108.3634: NT Headers: 0xf8
6292108.3634: Timestamp: 0x5902808f
6302108.3634: Machine: 0x8664 - amd64
6312108.3634: Timestamp: 0x5902808f
6322108.3634: Image Version: 10.0
6332108.3634: SizeOfImage: 0x21d000 (2215936)
6342108.3634: Resource Dir: 0x201000 LB 0x558
6352108.3634: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6362108.3634: [Raw version resource data: 0x2010b0 LB 0x3cc, codepage 0x0 (reserved 0x0)]
6372108.3634: ProductName: Microsoft® Windows® Operating System
6382108.3634: ProductVersion: 10.0.14393.1198
6392108.3634: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
6402108.3634: FileDescription: Windows NT BASE API Client DLL
6412108.3634: \SystemRoot\System32\apisetschema.dll:
6422108.3634: CreationTime: 2016-07-16T11:42:21.577586000Z
6432108.3634: LastWriteTime: 2016-07-16T11:42:21.577586000Z
6442108.3634: ChangeTime: 2017-02-22T13:23:34.571806800Z
6452108.3634: FileAttributes: 0x20
6462108.3634: Size: 0x18960
6472108.3634: NT Headers: 0xc8
6482108.3634: Timestamp: 0x57899bd2
6492108.3634: Machine: 0x8664 - amd64
6502108.3634: Timestamp: 0x57899bd2
6512108.3634: Image Version: 10.0
6522108.3634: SizeOfImage: 0x19000 (102400)
6532108.3634: Resource Dir: 0x18000 LB 0x400
6542108.3634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6552108.3634: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
6562108.3634: ProductName: Microsoft® Windows® Operating System
6572108.3634: ProductVersion: 10.0.14393.0
6582108.3634: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
6592108.3634: FileDescription: ApiSet Schema DLL
6602108.3634: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6612108.3634: supR3HardenedWinFindAdversaries: 0x20
6622108.3634: \SystemRoot\System32\drivers\cfwids.sys:
6632108.3634: CreationTime: 2015-07-02T17:33:00.000000000Z
6642108.3634: LastWriteTime: 2017-01-20T13:07:50.000000000Z
6652108.3634: ChangeTime: 2017-03-28T21:42:50.468034700Z
6662108.3634: FileAttributes: 0x20
6672108.3634: Size: 0x15990
6682108.3634: NT Headers: 0xe0
6692108.3634: Timestamp: 0x587f9e8a
6702108.3634: Machine: 0x8664 - amd64
6712108.3634: Timestamp: 0x587f9e8a
6722108.3634: Image Version: 0.0
6732108.3634: SizeOfImage: 0x16000 (90112)
6742108.3634: Resource Dir: 0x14000 LB 0x550
6752108.3634: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
6762108.3634: [Raw version resource data: 0x140a0 LB 0x318, codepage 0x0 (reserved 0x0)]
6772108.3634: ProductName: SYSCORE
6782108.3634: ProductVersion: 15.6.0.1220
6792108.3634: FileVersion: SYSCORE.15.6.0.1220
6802108.3634: PrivateBuild: SYSCORE.15.6.0.1220
6812108.3634: FileDescription: McAfee Personal Firewall IDS Plugin
6822108.3634: \SystemRoot\System32\drivers\mfeavfk.sys:
6832108.3634: CreationTime: 2015-07-02T17:33:00.000000000Z
6842108.3634: LastWriteTime: 2017-01-20T13:07:50.000000000Z
6852108.3634: ChangeTime: 2017-03-28T21:42:42.618811300Z
6862108.3634: FileAttributes: 0x20
6872108.3634: Size: 0x596f8
6882108.3634: NT Headers: 0xe8
6892108.3634: Timestamp: 0x587f9e28
6902108.3634: Machine: 0x8664 - amd64
6912108.3634: Timestamp: 0x587f9e28
6922108.3634: Image Version: 0.0
6932108.3634: SizeOfImage: 0x59000 (364544)
6942108.3634: Resource Dir: 0x57000 LB 0x758
6952108.3634: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6962108.3634: [Raw version resource data: 0x57110 LB 0x334, codepage 0x0 (reserved 0x0)]
6972108.3634: ProductName: SYSCORE
6982108.3634: ProductVersion: 15.6.0.1220
6992108.3634: FileVersion: SYSCORE.15.6.0.1220
7002108.3634: PrivateBuild: SYSCORE.15.6.0.1220 F15,F16,F19
7012108.3634: FileDescription: Anti-Virus File System Filter Driver
7022108.3634: \SystemRoot\System32\drivers\mfefirek.sys:
7032108.3634: CreationTime: 2015-07-02T17:33:00.000000000Z
7042108.3634: LastWriteTime: 2017-01-20T13:07:50.000000000Z
7052108.3634: ChangeTime: 2017-03-28T21:42:50.250806300Z
7062108.3634: FileAttributes: 0x20
7072108.3634: Size: 0x7ea30
7082108.3634: NT Headers: 0xe0
7092108.3634: Timestamp: 0x587f9e6d
7102108.3634: Machine: 0x8664 - amd64
7112108.3634: Timestamp: 0x587f9e6d
7122108.3634: Image Version: 0.0
7132108.3634: SizeOfImage: 0x7f000 (520192)
7142108.3634: Resource Dir: 0x7b000 LB 0x388
7152108.3634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7162108.3634: [Raw version resource data: 0x7b060 LB 0x328, codepage 0x0 (reserved 0x0)]
7172108.3634: ProductName: SYSCORE
7182108.3634: ProductVersion: 15.6.0.1220
7192108.3634: FileVersion: SYSCORE.15.6.0.1220
7202108.3634: PrivateBuild: SYSCORE.15.6.0.1220 F17,F18
7212108.3634: FileDescription: McAfee Core Firewall Engine Driver
7222108.3634: \SystemRoot\System32\drivers\mfehidk.sys:
7232108.3634: CreationTime: 2015-07-02T17:33:00.000000000Z
7242108.3634: LastWriteTime: 2017-01-20T13:07:50.000000000Z
7252108.3634: ChangeTime: 2017-03-28T21:42:48.857123000Z
7262108.3634: FileAttributes: 0x20
7272108.3634: Size: 0xe17f8
7282108.3634: NT Headers: 0x100
7292108.3634: Timestamp: 0x587f9df5
7302108.3634: Machine: 0x8664 - amd64
7312108.3634: Timestamp: 0x587f9df5
7322108.3634: Image Version: 0.0
7332108.3634: SizeOfImage: 0xe8000 (950272)
7342108.3634: Resource Dir: 0xe4000 LB 0x758
7352108.3634: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7362108.3634: [Raw version resource data: 0xe4110 LB 0x320, codepage 0x0 (reserved 0x0)]
7372108.3634: ProductName: SYSCORE
7382108.3634: ProductVersion: 15.6.0.1220
7392108.3634: FileVersion: SYSCORE.15.6.0.1220
7402108.3634: PrivateBuild: SYSCORE.15.6.0.1220 F14,F15,F16,F18,F20
7412108.3634: FileDescription: McAfee Link Driver
7422108.3634: \SystemRoot\System32\drivers\mfencbdc.sys:
7432108.3634: CreationTime: 2017-01-19T03:31:06.000000000Z
7442108.3634: LastWriteTime: 2017-01-19T03:31:06.000000000Z
7452108.3634: ChangeTime: 2017-03-28T21:44:21.789292000Z
7462108.3634: FileAttributes: 0x20
7472108.3634: Size: 0x79bd8
7482108.3634: NT Headers: 0xe0
7492108.3634: Timestamp: 0x587cd349
7502108.3634: Machine: 0x8664 - amd64
7512108.3634: Timestamp: 0x587cd349
7522108.3634: Image Version: 0.0
7532108.3634: SizeOfImage: 0x7c000 (507904)
7542108.3634: Resource Dir: 0x7a000 LB 0x3d8
7552108.3634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7562108.3634: [Raw version resource data: 0x7a060 LB 0x378, codepage 0x0 (reserved 0x0)]
7572108.3634: ProductName: Anti-Malware Core
7582108.3634: ProductVersion: 1.5.0
7592108.3634: FileVersion: Anti-Malware Core.1.5.0.1983.x64
7602108.3634: PrivateBuild: Anti-Malware Core.1.5.0.1983.x64
7612108.3634: FileDescription: Event Driver
7622108.3634: \SystemRoot\System32\drivers\mfewfpk.sys:
7632108.3634: CreationTime: 2015-07-02T17:33:00.000000000Z
7642108.3634: LastWriteTime: 2017-01-20T13:07:50.000000000Z
7652108.3634: ChangeTime: 2017-03-28T21:42:47.178414300Z
7662108.3634: FileAttributes: 0x20
7672108.3634: Size: 0x3e350
7682108.3634: NT Headers: 0xf0
7692108.3634: Timestamp: 0x587f9e01
7702108.3634: Machine: 0x8664 - amd64
7712108.3634: Timestamp: 0x587f9e01
7722108.3634: Image Version: 0.0
7732108.3634: SizeOfImage: 0x59000 (364544)
7742108.3634: Resource Dir: 0x57000 LB 0x380
7752108.3634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7762108.3634: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
7772108.3634: ProductName: SYSCORE
7782108.3634: ProductVersion: 15.6.0.1220
7792108.3634: FileVersion: SYSCORE.15.6.0.1220
7802108.3634: PrivateBuild: SYSCORE.15.6.0.1220 F17,F18
7812108.3634: FileDescription: Anti-Virus Mini-Firewall Driver
7822108.3634: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7832108.3634: Calling main()
7842108.3634: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
7852108.3634: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7862108.3634: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
7872108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
7882108.3634: SUPR3HardenedMain: Final process, opening VBoxDrv...
7892108.3634: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
7902108.3634: supR3HardNtEnableThreadCreation:
7912108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
7922108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
7932108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7942108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7952108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8a330000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
7962108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7972108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7982108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7992108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a330000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8002108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8012108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8022108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a330000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8032108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a330000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8042108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8052108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
8062108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
8072108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
8082108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
8092108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
8102108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8112108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8122108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
8132108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
8142108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8152108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8162108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
8172108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
8182108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8192108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8202108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8212108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
8222108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
8232108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8242108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8252108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
8262108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
8272108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8282108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8292108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8302108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8312108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8e450000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
8322108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8332108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8cfe0000 LB 0x00010000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
8342108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8352108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8ddd0000 LB 0x000f5000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
8362108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
8372108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
8382108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8d3c0000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
8392108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8402108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8f1f0000 LB 0x00121000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
8412108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8422108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8e080000 LB 0x00055000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
8432108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8442108.3634: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8452108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d040000 'api-ms-win-core-synch-l1-2-0'
8462108.3634: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8472108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d040000 'api-ms-win-core-fibers-l1-1-1'
8482108.3634: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8492108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d040000 'api-ms-win-core-fibers-l1-1-1'
8502108.3634: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8512108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d040000 'api-ms-win-core-synch-l1-2-0'
8522108.3634: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8532108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d040000 'api-ms-win-core-localization-l1-2-1'
8542108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\WINDOWS\system32\Wintrust.dll'
8552108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
8562108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
8572108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8582108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8592108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8cb90000 LB 0x0002b000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
8602108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8612108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8cb90000 'C:\WINDOWS\system32\bcrypt.dll'
8622108.3634: bcrypt.dll loaded at 00007ffb8cb90000, BCryptOpenAlgorithmProvider at 00007ffb8cb94260, preloading providers:
8632108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
8642108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
8652108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8662108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8d350000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
8672108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8682108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d350000 'C:\WINDOWS\system32\bcryptprimitives.dll'
8692108.3634: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000092f180)
8702108.3634: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000092ffa0)
8712108.3634: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000930270)
8722108.3634: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000930540)
8732108.3634: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000930810)
8742108.3634: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000930ae0)
8752108.3634: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000930db0)
8762108.3634: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000931080)
8772108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8782108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8792108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
8802108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8812108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8822108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
8832108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8842108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8852108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
8862108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8872108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8882108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
8892108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8902108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8912108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
8922108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8932108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8942108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
8952108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8962108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8972108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
8982108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
8992108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
9002108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8ca90000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
9012108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9022108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
9032108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
9042108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
9052108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
9062108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
9072108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9082108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9092108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9102108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8c4e0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
9112108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9122108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
9132108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
9142108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
9152108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
9162108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8ca80000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
9172108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9182108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9192108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
9202108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
9212108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9222108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9232108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e670000 'C:\WINDOWS\System32\kernel32.dll'
9242108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9252108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
9262108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9272108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9282108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\CRYPT32.dll'
9292108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8e790000 LB 0x0001c000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
9302108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
9312108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
9322108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9332108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9342108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
9352108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8ee90000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
9362108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
9372108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
9382108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
9392108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9402108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
9412108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
9422108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
9432108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8bea0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
9442108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9452108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8cfb0000 LB 0x00014000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
9462108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
9472108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
9482108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9492108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
9502108.3634: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
9512108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
9522108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9532108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9542108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9552108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9562108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9572108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9582108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9592108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9602108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9612108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9622108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9632108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9642108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9652108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9662108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9672108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9682108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9692108.3634: supR3HardenedDllNotificationCallback: load 00007ffb80f00000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
9702108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9712108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9722108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9732108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\WINDOWS\System32\cryptnet.dll'
9742108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9752108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9762108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\WINDOWS\System32\cryptnet.dll'
9772108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9782108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9792108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\WINDOWS\System32\cryptnet.dll'
9802108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9812108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9822108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\WINDOWS\System32\cryptnet.dll'
9832108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9842108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9852108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\WINDOWS\System32\cryptnet.dll'
9862108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9872108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9882108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\WINDOWS\System32\cryptnet.dll'
9892108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9902108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\WINDOWS\System32\cryptnet.dll'
9912108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9922108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\WINDOWS\System32\cryptnet.dll'
9932108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9942108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\WINDOWS\System32\cryptnet.dll'
9952108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9962108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\WINDOWS\System32\cryptnet.dll'
9972108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9982108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\WINDOWS\System32\cryptnet.dll'
9992108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\WINDOWS\System32\cryptnet.dll'
10002108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10012108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb80f00000 'C:\Windows\System32\cryptnet.dll'
10022108.3634: supR3HardenedDllNotificationCallback: load 00007ffb90aa0000 LB 0x000a2000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
10032108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10042108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
10052108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
10062108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
10072108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
10082108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10092108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10102108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10112108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10122108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
10132108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
10142108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
10152108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10162108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10172108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10182108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10192108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
10202108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10212108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10222108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
10232108.3634: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
10242108.3634: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000983bb0
10252108.3634: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
10262108.3634: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F0CC1880DEF521CFB586B70171713A785823BD2
10272108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10282108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10292108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8f1f0000 'C:\WINDOWS\System32\rpcrt4.dll'
10302108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10312108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
10322108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10332108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
10342108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10352108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
10362108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10372108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
10382108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10392108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
10402108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10412108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
10422108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10432108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10442108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\Windows\System32\WINTRUST.DLL'
10452108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10462108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10472108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
10482108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10492108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10502108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
10512108.3634: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5702_for_KB4019472~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\SystemRoot\System32\ntdll.dll'
10522108.3634: g_pfnWinVerifyTrust=00007ffb8e087ff0
10532108.3634: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
10542108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10552108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10562108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
10572108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10582108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10592108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
10602108.3634: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
10612108.3634: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
10622108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10632108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10642108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
10652108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
10662108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10672108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
10682108.3634: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
10692108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10702108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10712108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
10722108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
10732108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
10742108.3634: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
10752108.3634: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
10762108.3634: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
10772108.3634: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2887B283709E29E7E5AD7830D0E43D33DF9C9C9B
10782108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10792108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
10802108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
10812108.3634: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
10822108.3634: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10832108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
10842108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10852108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
10862108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
10872108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
10882108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10892108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
10902108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
10912108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
10922108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10932108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
10942108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
10952108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
10962108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10972108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
10982108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
10992108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
11002108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11012108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11022108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
11032108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
11042108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11052108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11062108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
11072108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11082108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
11092108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
11102108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
11112108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11122108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11132108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
11142108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
11152108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11162108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
11172108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
11182108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11192108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
11202108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
11212108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11222108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
11232108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
11242108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11252108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
11262108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
11272108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11282108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
11292108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
11302108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11312108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
11322108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
11332108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11342108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
11352108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11362108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe'
11372108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11382108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
11392108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
11402108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11412108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
11422108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
11432108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\system32\crypt32.dll'
11442108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
11452108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
11462108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
11472108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
11482108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11492108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
11502108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
11512108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
11522108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
11532108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
11542108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
11552108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11562108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
11572108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
11582108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
11592108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
11602108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
11612108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
11622108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
11632108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
11642108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
11652108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11662108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
11672108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
11682108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x40e7dd0ea446ba00 C=BR, O=ICP-Brasil, OU=Instituto Nacional de Tecnologia da Informacao - ITI, CN=Autoridade Certificadora Raiz Brasileira v2
11692108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
11702108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
11712108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
11722108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
11732108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
11742108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
11752108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
11762108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
11772108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
11782108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
11792108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
11802108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
11812108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
11822108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
11832108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
11842108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
11852108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
11862108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
11872108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
11882108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
11892108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
11902108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
11912108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
11922108.3634: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
11932108.3634: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=49
11942108.3634: SUPR3HardenedMain: Load Runtime...
11952108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
11962108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11972108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
11982108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
11992108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
12002108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
12012108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12022108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12032108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12042108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
12052108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12062108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12072108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
12082108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
12092108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
12102108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
12112108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
12122108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12132108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12142108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12152108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12162108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
12172108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
12182108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12192108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
12202108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12212108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12222108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12232108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12242108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12252108.3634: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12262108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
12272108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
12282108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
12292108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
12302108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
12312108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12322108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
12332108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12342108.3634: supR3HardenedDllNotificationCallback: load 000000005cdb0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
12352108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
12362108.3634: supR3HardenedDllNotificationCallback: load 000000005cf00000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
12372108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12382108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8e4f0000 LB 0x0006a000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
12392108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
12402108.3634: supR3HardenedDllNotificationCallback: load 00007ffb582b0000 LB 0x0053d000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
12412108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12422108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12432108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12442108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12452108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12462108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12472108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12482108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12492108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12502108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12512108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12522108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12532108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12542108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12552108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12562108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12572108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12582108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12592108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12602108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12612108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12622108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12632108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12642108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12652108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12662108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12672108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12682108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12692108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12702108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12712108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12722108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12732108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12742108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12752108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12762108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12772108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12782108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12792108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12802108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12812108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12822108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12832108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12842108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12852108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12862108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12872108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12882108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12892108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12902108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12912108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12922108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb582b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12932108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e080000 'C:\WINDOWS\system32\Wintrust.dll'
12942108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
12952108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
12962108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
12972108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12982108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
12992108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
13002108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\system32\crypt32.dll'
13012108.3634: SUPR3HardenedMain: Load TrustedMain...
13022108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
13032108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
13042108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
13052108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
13062108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
13072108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
13082108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
13092108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust
13102108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
13112108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13122108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13132108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
13142108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
13152108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13162108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
13172108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
13182108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
13192108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13202108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13212108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
13222108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13232108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
13242108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13252108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13262108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13272108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13282108.3634: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
13292108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
13302108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
13312108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13322108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13332108.3634: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
13342108.3634: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
13352108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
13362108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
13372108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
13382108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
13392108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13402108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
13412108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13422108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
13432108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
13442108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
13452108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
13462108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13472108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13482108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13492108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13502108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
13512108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13522108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13532108.3634: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
13542108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
13552108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'bcryptprimitives.dll'.
13562108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
13572108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
13582108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
13592108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
13602108.3634: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
13612108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
13622108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
13632108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
13642108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
13652108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
13662108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13672108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13682108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
13692108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
13702108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
13712108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
13722108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
13732108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'combase.dll'.
13742108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
13752108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
13762108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13772108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13782108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
13792108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13802108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13812108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
13822108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13832108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13842108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
13852108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13862108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13872108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13882108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13892108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13902108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
13912108.3634: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
13922108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
13932108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
13942108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8e0e0000 LB 0x002c8000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
13952108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
13962108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8ded0000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
13972108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
13982108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8e8f0000 LB 0x00165000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
13992108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
14002108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8def0000 LB 0x00182000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
14012108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
14022108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
14032108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'win32u.dll'.
14042108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
14052108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
14062108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8e5d0000 LB 0x00034000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
14072108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
14082108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8e7b0000 LB 0x00138000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
14092108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
14102108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8d2b0000 LB 0x0009c000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
14112108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
14122108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8f440000 LB 0x000bf000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
14132108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
14142108.3634: supR3HardenedDllNotificationCallback: load 00007ffb68000000 LB 0x00050000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0]
14152108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
14162108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
14172108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
14182108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
14192108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
14202108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
14212108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
14222108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
14232108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
14242108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
14252108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
14262108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
14272108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
14282108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
14292108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
14302108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
14312108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
14322108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
14332108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
14342108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
14352108.3634: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
14362108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14372108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14382108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
14392108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
14402108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
14412108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
14422108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
14432108.3634: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
14442108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14452108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14462108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
14472108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14482108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14492108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
14502108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
14512108.3634: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
14522108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
14532108.3634: supR3HardenedDllNotificationCallback: load 00007ffb90a70000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
14542108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
14552108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb90a70000 'C:\WINDOWS\system32\IMM32.DLL'
14562108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
14572108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
14582108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
14592108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
14602108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e670000 'C:\WINDOWS\System32\kernel32.dll'
14612108.3634: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
14622108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d040000 'api-ms-win-core-string-l1-1-0'
14632108.3634: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
14642108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d040000 'api-ms-win-core-datetime-l1-1-1'
14652108.3634: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
14662108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d040000 'api-ms-win-core-localization-obsolete-l1-2-0'
14672108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb68000000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll'
14682108.3634: SUPR3HardenedMain: Calling TrustedMain (00007ffb68002b30)...
14692108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8cfd0000 LB 0x0000f000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
14702108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
14712108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
14722108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
14732108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
14742108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8e3b0000 LB 0x0009f000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
14752108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14762108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
14772108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
14782108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
14792108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14802108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14812108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14822108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14832108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
14842108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14852108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14862108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14872108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14882108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
14892108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
14902108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
14912108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
14922108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
14932108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
14942108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
14952108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
14962108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14972108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
14982108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
14992108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
15002108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
15012108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
15022108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
15032108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
15042108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15052108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15062108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
15072108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15082108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15092108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
15102108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15112108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15122108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15132108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15142108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15152108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15162108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15172108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15182108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15192108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15202108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15212108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
15222108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
15232108.3634: supR3HardenedDllNotificationCallback: load 00007ffb560b0000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
15242108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
15252108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb560b0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
15262108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
15272108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
15282108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
15292108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
15302108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
15312108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
15322108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
15332108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
15342108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
15352108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
15362108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15372108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15382108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15392108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15402108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
15412108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15422108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15432108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
15442108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
15452108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
15462108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
15472108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
15482108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
15492108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
15502108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
15512108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) WinVerifyTrust
15522108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
15532108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15542108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15552108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15562108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15572108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15582108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15592108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15602108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15612108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15622108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15632108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
15642108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15652108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15662108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
15672108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
15682108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
15692108.3634: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
15702108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15712108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15722108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15732108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
15742108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
15752108.3634: supR3HardenedDllNotificationCallback: load 00007ffb8e570000 LB 0x00052000 C:\WINDOWS\System32\SHLWAPI.dll [fFlags=0x0]
15762108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
15772108.3634: supR3HardenedDllNotificationCallback: load 00007ffb5d0d0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
15782108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
15792108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb5d0d0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
15802108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
15812108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
15822108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8f440000 'C:\Windows\System32\oleaut32.dll'
15832108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
15842108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15852108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e7b0000 'C:\WINDOWS\System32\ole32.dll'
15862108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
15872108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15882108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8f440000 'C:\WINDOWS\System32\OLEAUT32.dll'
15892108.3634: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000744 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
15902108.3634: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
15912108.3634: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
15922108.3634: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A290917802D4CF47EA48D3329EF360233350A583
15932108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
15942108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
15952108.3634: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
15962108.3634: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15972108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15982108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
15992108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
16002108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
16012108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
16022108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
16032108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
16042108.3634: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000748 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
16052108.3634: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
16062108.3634: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
16072108.3634: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9C43FEE2E561B2B0F306322C4D857AFC8E83D17B
16082108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
16092108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
16102108.3634: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
16112108.3634: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16122108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16132108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
16142108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
16152108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
16162108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
16172108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
16182108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
16192108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
16202108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16212108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16222108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
16232108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
16242108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
16252108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
16262108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
16272108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
16282108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
16292108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16302108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16312108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
16322108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
16332108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
16342108.3634: supR3HardenedDllNotificationCallback: load 00007ffb7eb10000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
16352108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
16362108.3634: supR3HardenedDllNotificationCallback: load 00007ffb7b2d0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
16372108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
16382108.3634: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16392108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d040000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
16402108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b2d0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
16412108.3634: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000728 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
16422108.3634: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
16432108.3634: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
16442108.3634: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD02F2EC1572091695F4D052CCF68BAA380A2D88
16452108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
16462108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
16472108.3634: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
16482108.3634: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16492108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16502108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
16512108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
16522108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
16532108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16542108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16552108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16562108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16572108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
16582108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
16592108.3634: supR3HardenedDllNotificationCallback: load 00007ffb7afc0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
16602108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
16612108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7afc0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
16622108.3634: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16632108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d040000 'api-ms-win-core-localization-l1-2-0.dll'
16642108.3634: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16652108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d040000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
16662108.3634: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007a4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
16672108.3634: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
16682108.3634: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
16692108.3634: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=37158B4AFADBDB40075A00539346B570E4EDE30C
16702108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
16712108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
16722108.3634: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
16732108.3634: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16742108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16752108.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
16762108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
16772108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
16782108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
16792108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
16802108.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
16812108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16822108.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16832108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
16842108.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
16852108.3634: supR3HardenedDllNotificationCallback: load 00007ffb7b060000 LB 0x000f4000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
16862108.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
16872108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b060000 'C:\WINDOWS\system32\wbem\fastprox.dll'
16882108.2fec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
16892108.2fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
16902108.2fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
16912108.2fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
16922108.2fec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
16932108.2fec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
16942108.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16952108.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16962108.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
16972108.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
16982108.2fec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
16992108.2fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
17002108.2fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
17012108.2fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
17022108.2fec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
17032108.2fec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
17042108.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17052108.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17062108.2fec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
17072108.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17082108.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17092108.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
17102108.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
17112108.2fec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
17122108.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17132108.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17142108.2fec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17152108.2fec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
17162108.2fec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
17172108.2fec: supR3HardenedDllNotificationCallback: load 000000005c160000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
17182108.2fec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
17192108.2fec: supR3HardenedDllNotificationCallback: load 00007ffb40b40000 LB 0x002b5000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
17202108.2fec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
17212108.2fec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb40b40000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
17222108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
17232108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000814 pwszName=\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
17242108.1478: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
17252108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
17262108.1478: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E81A796FC825DFF0C695CDAF472895D3C71DF311
17272108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
17282108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
17292108.1478: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2909_for_KB4019472~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll'
17302108.1478: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17312108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17322108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
17332108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'oleaut32.dll'.
17342108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'ws2_32.dll'.
17352108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'netsetupapi.dll'.
17362108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'setupapi.dll'.
17372108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll) WinVerifyTrust
17382108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
17392108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
17402108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
17412108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
17422108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
17432108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17442108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
17452108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
17462108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
17472108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
17482108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
17492108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
17502108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
17512108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
17522108.1478: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
17532108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
17542108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
17552108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17562108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17572108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17582108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17592108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
17602108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
17612108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17622108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
17632108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll) WinVerifyTrust
17642108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
17652108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17662108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17672108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
17682108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17692108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17702108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
17712108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17722108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17732108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
17742108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17752108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17762108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17772108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17782108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17792108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17802108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
17812108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
17822108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
17832108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8d260000 LB 0x00042000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
17842108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
17852108.1478: supR3HardenedDllNotificationCallback: load 00007ffb7fcd0000 LB 0x00027000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
17862108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
17872108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8ea60000 LB 0x00429000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
17882108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
17892108.1478: supR3HardenedDllNotificationCallback: load 00007ffb7fd00000 LB 0x0007c000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
17902108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
17912108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fd00000 'C:\Windows\System32\NetSetupShim.dll'
17922108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
17932108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
17942108.1478: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
17952108.3834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
17962108.3834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17972108.3834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
17982108.3834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
17992108.3834: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18002108.3834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
18012108.3834: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
18022108.3834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18032108.3834: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18042108.3834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
18052108.3834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18062108.3834: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18072108.3834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
18082108.3834: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
18092108.3834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18102108.3834: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18112108.3834: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18122108.3834: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
18132108.3834: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18142108.3834: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
18152108.3834: supR3HardenedDllNotificationCallback: load 00007ffb7fb60000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
18162108.3834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
18172108.3834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fb60000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
18182108.3834: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
18192108.3834: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\User32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18202108.3834: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e8f0000 'C:\WINDOWS\system32\User32.dll'
18212108.2ed0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008f4 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
18222108.2ed0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
18232108.2ed0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
18242108.3158: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
18252108.3158: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18262108.3158: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
18272108.3158: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18282108.3158: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
18292108.3158: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
18302108.3158: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18312108.3158: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18322108.3158: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18332108.3158: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18342108.3158: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
18352108.3158: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18362108.3158: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18372108.3158: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
18382108.3158: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18392108.3158: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
18402108.3158: supR3HardenedDllNotificationCallback: load 00007ffb7f740000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
18412108.3158: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
18422108.3158: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7f740000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
18432108.2ed0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5062D9B170D174E6DFFCD301D2C820A76C92F7CA
18442108.1d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
18452108.2ed0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
18462108.1d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18472108.1d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
18482108.1d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18492108.1d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
18502108.1d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
18512108.1d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18522108.1d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18532108.1d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18542108.1d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18552108.1d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
18562108.1d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18572108.1d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18582108.1d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18592108.1d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
18602108.1d34: supR3HardenedDllNotificationCallback: load 00007ffb7f730000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
18612108.1d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
18622108.1d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7f730000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
18632108.2ed0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
18642108.351c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
18652108.2ed0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
18662108.2ed0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18672108.2ed0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18682108.2ed0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
18692108.2ed0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
18702108.2ed0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
18712108.2ed0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
18722108.2ed0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18732108.2ed0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18742108.2ed0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
18752108.2ed0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18762108.2ed0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18772108.2ed0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
18782108.2ed0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18792108.2ed0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18802108.2ed0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
18812108.2ed0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18822108.2ed0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
18832108.2ed0: supR3HardenedDllNotificationCallback: load 00007ffb8b630000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
18842108.2ed0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
18852108.2ed0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b630000 'C:\WINDOWS\system32\uxtheme.dll'
18862108.2ed0: supR3HardenedDllNotificationCallback: load 00007ffb8eef0000 LB 0x0015a000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
18872108.351c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18882108.351c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
18892108.351c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18902108.351c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
18912108.351c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
18922108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18932108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18942108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18952108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18962108.351c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
18972108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18982108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18992108.351c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19002108.2ed0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19012108.2ed0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
19022108.2ed0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
19032108.2ed0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
19042108.2ed0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'imm32.dll'.
19052108.2ed0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
19062108.2ed0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
19072108.351c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
19082108.351c: supR3HardenedDllNotificationCallback: load 00007ffb7dac0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
19092108.351c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
19102108.351c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7dac0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
19112108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19122108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19132108.351c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
19142108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19152108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19162108.351c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
19172108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19182108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19192108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19202108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19212108.351c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
19222108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19232108.351c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19242108.351c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
19252108.351c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
19262108.351c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
19272108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
19282108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
19292108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19302108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'user32.dll'.
19312108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #68 'gdi32.dll'.
19322108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
19332108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
19342108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19352108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19362108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
19372108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19382108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19392108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19402108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19412108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19422108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8cff0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
19432108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
19442108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
19452108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
19462108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8d640000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
19472108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19482108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
19492108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
19502108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
19512108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
19522108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8d6f0000 LB 0x006da000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
19532108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19542108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
19552108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'combase.dll'.
19562108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
19572108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
19582108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
19592108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8f560000 LB 0x01508000 C:\WINDOWS\System32\Shell32.dll [fFlags=0x0]
19602108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
19612108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8f560000 'C:\WINDOWS\system32\Shell32.dll'
19622108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
19632108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
19642108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
19652108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19662108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19672108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
19682108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19692108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19702108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19712108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19722108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19732108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19742108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
19752108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19762108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19772108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19782108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19792108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19802108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19812108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
19822108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
19832108.1478: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
19842108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
19852108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
19862108.1478: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
19872108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
19882108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19892108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
19902108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
19912108.1478: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
19922108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
19932108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
19942108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19952108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
19962108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
19972108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
19982108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
19992108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
20002108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
20012108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
20022108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
20032108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
20042108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
20052108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
20062108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
20072108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
20082108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
20092108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
20102108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
20112108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
20122108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20132108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20142108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
20152108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20162108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20172108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
20182108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
20192108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
20202108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
20212108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20222108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20232108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
20242108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
20252108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
20262108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20272108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20282108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
20292108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
20302108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
20312108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
20322108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20332108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20342108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20352108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20362108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
20372108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20382108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20392108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20402108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
20412108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
20422108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
20432108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
20442108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20452108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20462108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
20472108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
20482108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20492108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20502108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20512108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20522108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20532108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
20542108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
20552108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
20562108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
20572108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20582108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20592108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20602108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20612108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20622108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20632108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20642108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
20652108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
20662108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
20672108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
20682108.1478: supR3HardenedDllNotificationCallback: load 00007ffb63b70000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
20692108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
20702108.1478: supR3HardenedDllNotificationCallback: load 00007ffb671e0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
20712108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
20722108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8c660000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
20732108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
20742108.1478: supR3HardenedDllNotificationCallback: load 00007ffb38360000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
20752108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
20762108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb38360000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
20772108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
20782108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
20792108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20802108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb560b0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
20812108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
20822108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
20832108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20842108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb671e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
20852108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
20862108.352c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
20872108.352c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20882108.352c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
20892108.352c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20902108.352c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
20912108.352c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
20922108.352c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20932108.352c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20942108.352c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
20952108.352c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
20962108.352c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20972108.352c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20982108.352c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20992108.352c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21002108.352c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
21012108.352c: supR3HardenedDllNotificationCallback: load 00007ffb7d3a0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
21022108.352c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
21032108.352c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7d3a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
21042108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
21052108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21062108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c660000 'C:\WINDOWS\system32\Iphlpapi.dll'
21072108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
21082108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
21092108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
21102108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
21112108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8e560000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
21122108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
21132108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
21142108.1478: supR3HardenedDllNotificationCallback: load 00007ffb854d0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
21152108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
21162108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
21172108.1478: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
21182108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
21192108.1478: supR3HardenedDllNotificationCallback: load 00007ffb85320000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
21202108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
21212108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
21222108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
21232108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
21242108.1478: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
21252108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
21262108.1478: supR3HardenedDllNotificationCallback: load 00007ffb841a0000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
21272108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
21282108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bfc pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
21292108.1478: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
21302108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
21312108.1478: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D280CDF967AD5FF8409BEF96F4C54C1E47D620AC
21322108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
21332108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
21342108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
21352108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21362108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21372108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
21382108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21392108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21402108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21412108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21422108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
21432108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
21442108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
21452108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21462108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21472108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
21482108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
21492108.1478: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3902_for_KB3200970~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
21502108.1478: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21512108.1478: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
21522108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac0 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
21532108.1478: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
21542108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
21552108.1478: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2D1E4C0F8001689DAD3880BC6AABF203D6F2118
21562108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
21572108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
21582108.1478: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3902_for_KB3200970~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
21592108.1478: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21602108.1478: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
21612108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
21622108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
21632108.1478: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
21642108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
21652108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
21662108.1478: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
21672108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
21682108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
21692108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'.
21702108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
21712108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust
21722108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll
21732108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21742108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21752108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21762108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21772108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
21782108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21792108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
21802108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8c8e0000 LB 0x0005c000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
21812108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
21822108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c8e0000 'C:\WINDOWS\system32\mswsock.dll'
21832108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c28 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
21842108.1478: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
21852108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
21862108.1478: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1D44ABC92F5DCFB6E0C03CA5B293AF8332666805
21872108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
21882108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
21892108.1478: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-multimedia-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
21902108.1478: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21912108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21922108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'winmm.dll'.
21932108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
21942108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
21952108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
21962108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
21972108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
21982108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
21992108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
22002108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
22012108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
22022108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
22032108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22042108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22052108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22062108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22072108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
22082108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
22092108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
22102108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
22112108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22122108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll) WinVerifyTrust
22132108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
22142108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22152108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22162108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22172108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
22182108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
22192108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
22202108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8b180000 LB 0x0002b000 C:\WINDOWS\System32\WINMMBASE.dll [fFlags=0x0]
22212108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
22222108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8b1b0000 LB 0x00023000 C:\WINDOWS\System32\WINMM.dll [fFlags=0x0]
22232108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
22242108.1478: supR3HardenedDllNotificationCallback: load 00007ffb634d0000 LB 0x0009b000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
22252108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
22262108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
22272108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
22282108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb634d0000 'C:\WINDOWS\System32\dsound.dll'
22292108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb634d0000 'C:\WINDOWS\System32\dsound.dll'
22302108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
22312108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22322108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb634d0000 'C:\WINDOWS\system32\dsound.dll'
22332108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
22342108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
22352108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22362108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
22372108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'.
22382108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
22392108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
22402108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
22412108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
22422108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
22432108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
22442108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
22452108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22462108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
22472108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
22482108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
22492108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
22502108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
22512108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
22522108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22532108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22542108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22552108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22562108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
22572108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22582108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22592108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
22602108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
22612108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'.
22622108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
22632108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
22642108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22652108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22662108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22672108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22682108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
22692108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
22702108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
22712108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22722108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
22732108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
22742108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
22752108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8bc70000 LB 0x00028000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
22762108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
22772108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8ad20000 LB 0x00185000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
22782108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
22792108.1478: supR3HardenedDllNotificationCallback: load 00007ffb83620000 LB 0x00071000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
22802108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
22812108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb83620000 'C:\WINDOWS\System32\MMDevApi.dll'
22822108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
22832108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22842108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb83620000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
22852108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
22862108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
22872108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b1b0000 'C:\WINDOWS\System32\winmm.dll'
22882108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d14 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
22892108.1478: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
22902108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
22912108.1478: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0F8D22D5C750466D80CDF20856C3802D0D00236D
22922108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
22932108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
22942108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22952108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
22962108.1478: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
22972108.1478: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22982108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22992108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'ksuser.dll'.
23002108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'avrt.dll'.
23012108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'mmdevapi.dll'.
23022108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
23032108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
23042108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
23052108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
23062108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
23072108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
23082108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
23092108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
23102108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
23112108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
23122108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
23132108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
23142108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
23152108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
23162108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
23172108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23182108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
23192108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
23202108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23212108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23222108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23232108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23242108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
23252108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
23262108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
23272108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
23282108.1478: supR3HardenedDllNotificationCallback: load 00007ffb7c290000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
23292108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
23302108.1478: supR3HardenedDllNotificationCallback: load 00007ffb89940000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
23312108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
23322108.1478: supR3HardenedDllNotificationCallback: load 00007ffb7fe50000 LB 0x0003f000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
23332108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
23342108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fe50000 'C:\WINDOWS\System32\wdmaud.drv'
23352108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
23362108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
23372108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fe50000 'C:\WINDOWS\System32\wdmaud.drv'
23382108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
23392108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
23402108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fe50000 'C:\WINDOWS\System32\wdmaud.drv'
23412108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
23422108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
23432108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fe50000 'C:\WINDOWS\System32\wdmaud.drv'
23442108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
23452108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
23462108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fe50000 'C:\WINDOWS\System32\wdmaud.drv'
23472108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
23482108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
23492108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23502108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
23512108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
23522108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'mmdevapi.dll'.
23532108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
23542108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
23552108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
23562108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
23572108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
23582108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23592108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23602108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23612108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23622108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23632108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23642108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23652108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
23662108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
23672108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
23682108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcryptprimitives.dll'.
23692108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
23702108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
23712108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8a0d0000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
23722108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
23732108.1478: supR3HardenedDllNotificationCallback: load 00007ffb7a170000 LB 0x00094000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
23742108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
23752108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a170000 'C:\WINDOWS\System32\AUDIOSES.DLL'
23762108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
23772108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
23782108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
23792108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23802108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23812108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23822108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23832108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
23842108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
23852108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
23862108.1478: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
23872108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
23882108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
23892108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fe50000 'C:\WINDOWS\System32\wdmaud.drv'
23902108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
23912108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
23922108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fe50000 'C:\WINDOWS\System32\wdmaud.drv'
23932108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fe50000 'C:\WINDOWS\System32\wdmaud.drv'
23942108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000acc pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
23952108.1478: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
23962108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
23972108.1478: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4E21D9CCCA6678DDCF4BCCDCC18C3601831BA444
23982108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
23992108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
24002108.1478: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-multimedia-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
24012108.1478: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24022108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24032108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'mmdevapi.dll'.
24042108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
24052108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmmbase.dll'.
24062108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
24072108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
24082108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
24092108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
24102108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
24112108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
24122108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
24132108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
24142108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
24152108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24162108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
24172108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
24182108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
24192108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
24202108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
24212108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24222108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24232108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24242108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24252108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
24262108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
24272108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
24282108.1478: supR3HardenedDllNotificationCallback: load 00007ffb84090000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
24292108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
24302108.1478: supR3HardenedDllNotificationCallback: load 00007ffb8aff0000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
24312108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
24322108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8aff0000 'C:\WINDOWS\System32\msacm32.drv'
24332108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
24342108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
24352108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8aff0000 'C:\WINDOWS\System32\msacm32.drv'
24362108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
24372108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
24382108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8aff0000 'C:\WINDOWS\System32\msacm32.drv'
24392108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
24402108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
24412108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8aff0000 'C:\WINDOWS\System32\msacm32.drv'
24422108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
24432108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
24442108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8aff0000 'C:\WINDOWS\System32\msacm32.drv'
24452108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
24462108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
24472108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8aff0000 'C:\WINDOWS\System32\msacm32.drv'
24482108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
24492108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
24502108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8aff0000 'C:\WINDOWS\System32\msacm32.drv'
24512108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8aff0000 'C:\WINDOWS\System32\msacm32.drv'
24522108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8aff0000 'C:\WINDOWS\System32\msacm32.drv'
24532108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8aff0000 'C:\WINDOWS\System32\msacm32.drv'
24542108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d98 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
24552108.1478: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
24562108.1478: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
24572108.1478: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E694D4B2A8B1B0C34C65DD7336FA886E9C3D53EF
24582108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
24592108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
24602108.1478: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-multimedia-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
24612108.1478: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24622108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24632108.1478: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
24642108.1478: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
24652108.1478: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
24662108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
24672108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
24682108.1478: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
24692108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24702108.1478: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24712108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
24722108.1478: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
24732108.1478: supR3HardenedDllNotificationCallback: load 00007ffb84080000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
24742108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
24752108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb84080000 'C:\WINDOWS\System32\midimap.dll'
24762108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
24772108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
24782108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb84080000 'C:\WINDOWS\System32\midimap.dll'
24792108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
24802108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
24812108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb84080000 'C:\WINDOWS\System32\midimap.dll'
24822108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
24832108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
24842108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb84080000 'C:\WINDOWS\System32\midimap.dll'
24852108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
24862108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24872108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b1b0000 'C:\WINDOWS\System32\winmm.dll'
24882108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
24892108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24902108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b1b0000 'C:\WINDOWS\System32\winmm.dll'
24912108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
24922108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24932108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b1b0000 'C:\WINDOWS\System32\winmm.dll'
24942108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
24952108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24962108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b1b0000 'C:\WINDOWS\System32\winmm.dll'
24972108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b1b0000 'C:\WINDOWS\System32\winmm.dll'
24982108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b1b0000 'C:\WINDOWS\System32\winmm.dll'
24992108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
25002108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25012108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb634d0000 'C:\WINDOWS\system32\dsound.dll'
25022108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b1b0000 'C:\WINDOWS\System32\winmm.dll'
25032108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b1b0000 'C:\WINDOWS\System32\winmm.dll'
25042108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b1b0000 'C:\WINDOWS\System32\winmm.dll'
25052108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b1b0000 'C:\WINDOWS\System32\winmm.dll'
25062108.1478: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
25072108.1478: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25082108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb634d0000 'C:\WINDOWS\system32\dsound.dll'
25092108.1478: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8b1b0000 'C:\WINDOWS\System32\winmm.dll'
25102108.236c: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
25112108.236c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
25122108.236c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
25132108.236c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
25142108.147c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007f8 pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll
25152108.147c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000983bb0
25162108.147c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000983bb0
25172108.147c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=95BFFD77998D669806D4A0BEB8CF49EAB1A25F0B
25182108.147c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c4e0000 'C:\WINDOWS\system32\rsaenh.dll'
25192108.147c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8d3c0000 'C:\WINDOWS\System32\crypt32.dll'
25202108.147c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1320_for_KB3200970~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll'
25212108.147c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25222108.147c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll'
25232108.147c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
25242108.147c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25252108.147c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89940000 'C:\WINDOWS\System32\avrt.dll'
25262108.352c: supR3HardenedDllNotificationCallback: Unload 00007ffb7d3a0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
25272108.351c: supR3HardenedDllNotificationCallback: Unload 00007ffb7dac0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
25282108.1d34: supR3HardenedDllNotificationCallback: Unload 00007ffb7f730000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
25292108.3158: supR3HardenedDllNotificationCallback: Unload 00007ffb7f740000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
25302108.3834: supR3HardenedDllNotificationCallback: Unload 00007ffb7fb60000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
25312108.1478: supR3HardenedDllNotificationCallback: Unload 00007ffb38360000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
25322108.1478: supR3HardenedDllNotificationCallback: Unload 00007ffb63b70000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
25332108.1478: supR3HardenedDllNotificationCallback: Unload 00007ffb671e0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
25342108.3634: supR3HardenedDllNotificationCallback: Unload 00007ffb7afc0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
25352108.3634: supR3HardenedDllNotificationCallback: Unload 00007ffb7b060000 LB 0x000f4000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
25362108.3634: supR3HardenedDllNotificationCallback: Unload 00007ffb5d0d0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
25372108.3634: supR3HardenedDllNotificationCallback: Unload 00007ffb7b2d0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
25382108.3634: supR3HardenedDllNotificationCallback: Unload 00007ffb7eb10000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
25392108.3634: supR3HardenedDllNotificationCallback: Unload 00007ffb560b0000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
25402108.3634: supR3HardenedDllNotificationCallback: Unload 00007ffb7fd00000 LB 0x0007c000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
25412108.3634: supR3HardenedDllNotificationCallback: Unload 00007ffb7fcd0000 LB 0x00027000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
25422108.3634: supR3HardenedDllNotificationCallback: Unload 00007ffb8ea60000 LB 0x00429000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
25432108.3634: Terminating the normal way: rcExit=0
25442108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
25452108.3634: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
25462108.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
25472108.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
25482108.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25492108.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb90b50000 'C:\WINDOWS\System32\ntdll.dll'
25502108.3634: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
25512108.3634: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' [rescheduled]
2552311c.2830: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 103614276 ms, the end);
25532e90.33ec: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 103614984 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy