VirtualBox

Ticket #18416: VBoxHardening.log

File VBoxHardening.log, 330.3 KB (added by gastor, 6 years ago)
Line 
12e98.348c: Log file opened: 6.0.5r128628 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa042ee00
22e98.348c: \SystemRoot\System32\ntdll.dll:
32e98.348c: CreationTime: 2018-12-12T10:05:26.353410400Z
42e98.348c: LastWriteTime: 2018-12-08T08:04:53.786979100Z
52e98.348c: ChangeTime: 2019-01-09T09:42:42.926506000Z
62e98.348c: FileAttributes: 0x20
72e98.348c: Size: 0x1da720
82e98.348c: NT Headers: 0xe8
92e98.348c: Timestamp: 0x7e614c22
102e98.348c: Machine: 0x8664 - amd64
112e98.348c: Timestamp: 0x7e614c22
122e98.348c: Image Version: 10.0
132e98.348c: SizeOfImage: 0x1e1000 (1970176)
142e98.348c: Resource Dir: 0x174000 LB 0x6b3e8
152e98.348c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162e98.348c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172e98.348c: ProductName: Microsoft® Windows® Operating System
182e98.348c: ProductVersion: 10.0.17134.471
192e98.348c: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
202e98.348c: FileDescription: NT Layer DLL
212e98.348c: \SystemRoot\System32\kernel32.dll:
222e98.348c: CreationTime: 2018-04-11T23:34:40.510607900Z
232e98.348c: LastWriteTime: 2018-04-11T23:34:40.510607900Z
242e98.348c: ChangeTime: 2018-05-21T15:25:07.165561400Z
252e98.348c: FileAttributes: 0x20
262e98.348c: Size: 0xafef8
272e98.348c: NT Headers: 0xe8
282e98.348c: Timestamp: 0x5f488a51
292e98.348c: Machine: 0x8664 - amd64
302e98.348c: Timestamp: 0x5f488a51
312e98.348c: Image Version: 10.0
322e98.348c: SizeOfImage: 0xb2000 (729088)
332e98.348c: Resource Dir: 0xb0000 LB 0x520
342e98.348c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352e98.348c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362e98.348c: ProductName: Microsoft® Windows® Operating System
372e98.348c: ProductVersion: 10.0.17134.1
382e98.348c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
392e98.348c: FileDescription: Windows NT BASE API Client DLL
402e98.348c: \SystemRoot\System32\KernelBase.dll:
412e98.348c: CreationTime: 2018-12-12T10:05:33.177723500Z
422e98.348c: LastWriteTime: 2018-11-09T02:47:52.285920600Z
432e98.348c: ChangeTime: 2019-01-09T09:42:42.923578400Z
442e98.348c: FileAttributes: 0x20
452e98.348c: Size: 0x273b78
462e98.348c: NT Headers: 0xf0
472e98.348c: Timestamp: 0x428de48c
482e98.348c: Machine: 0x8664 - amd64
492e98.348c: Timestamp: 0x428de48c
502e98.348c: Image Version: 10.0
512e98.348c: SizeOfImage: 0x273000 (2568192)
522e98.348c: Resource Dir: 0x251000 LB 0x548
532e98.348c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542e98.348c: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552e98.348c: ProductName: Microsoft® Windows® Operating System
562e98.348c: ProductVersion: 10.0.17134.441
572e98.348c: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
582e98.348c: FileDescription: Windows NT BASE API Client DLL
592e98.348c: \SystemRoot\System32\apisetschema.dll:
602e98.348c: CreationTime: 2018-04-11T23:34:44.042150700Z
612e98.348c: LastWriteTime: 2018-04-11T23:34:44.042150700Z
622e98.348c: ChangeTime: 2018-05-21T11:57:52.440527900Z
632e98.348c: FileAttributes: 0x20
642e98.348c: Size: 0x1bd98
652e98.348c: NT Headers: 0xd0
662e98.348c: Timestamp: 0xd02ff418
672e98.348c: Machine: 0x8664 - amd64
682e98.348c: Timestamp: 0xd02ff418
692e98.348c: Image Version: 10.0
702e98.348c: SizeOfImage: 0x1c000 (114688)
712e98.348c: Resource Dir: 0x1b000 LB 0x408
722e98.348c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732e98.348c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742e98.348c: ProductName: Microsoft® Windows® Operating System
752e98.348c: ProductVersion: 10.0.17134.1
762e98.348c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
772e98.348c: FileDescription: ApiSet Schema DLL
782e98.348c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
792e98.348c: supR3HardenedWinFindAdversaries: 0x0
802e98.348c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
812e98.348c: Calling main()
822e98.348c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
832e98.348c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
842e98.348c: SUPR3HardenedMain: Respawn #1
852e98.348c: System32: \Device\HarddiskVolume1\Windows\System32
862e98.348c: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
872e98.348c: KnownDllPath: C:\WINDOWS\System32
882e98.348c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
892e98.348c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
902e98.348c: supR3HardNtEnableThreadCreation:
912e98.348c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe31e4f90 pvNtTerminateThread=00007ffbe320b3f0
922e98.348c: supR3HardenedWinDoReSpawn(1): New child 2694.2e04 [kernel32].
932e98.348c: supR3HardNtChildGatherData: PebBaseAddress=0000000000d2b000 cbPeb=0x388
942e98.348c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbe3170000 uNtDllChildAddr=00007ffbe3170000
952e98.348c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbe31e4f90
962e98.348c: supR3HardenedWinSetupChildInit: Start child.
972e98.348c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 7 ms.
982e98.348c: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 16 sleeps
992e98.348c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1002e98.348c: *0000000000000000-0000000000a6ffff 0x0001/0x0000 0x0000000
1012e98.348c: *0000000000a70000-0000000000a8ffff 0x0004/0x0004 0x0020000
1022e98.348c: *0000000000a90000-0000000000aa8fff 0x0002/0x0002 0x0040000
1032e98.348c: 0000000000aa9000-0000000000aaffff 0x0001/0x0000 0x0000000
1042e98.348c: *0000000000ab0000-0000000000baafff 0x0000/0x0004 0x0020000
1052e98.348c: 0000000000bab000-0000000000badfff 0x0104/0x0004 0x0020000
1062e98.348c: 0000000000bae000-0000000000baffff 0x0004/0x0004 0x0020000
1072e98.348c: *0000000000bb0000-0000000000bb3fff 0x0002/0x0002 0x0040000
1082e98.348c: 0000000000bb4000-0000000000bbffff 0x0001/0x0000 0x0000000
1092e98.348c: *0000000000bc0000-0000000000bc0fff 0x0004/0x0004 0x0020000
1102e98.348c: 0000000000bc1000-0000000000bfffff 0x0001/0x0000 0x0000000
1112e98.348c: *0000000000c00000-0000000000d2afff 0x0000/0x0004 0x0020000
1122e98.348c: 0000000000d2b000-0000000000d2dfff 0x0004/0x0004 0x0020000
1132e98.348c: 0000000000d2e000-0000000000dfffff 0x0000/0x0004 0x0020000
1142e98.348c: 0000000000e00000-000000007ffdffff 0x0001/0x0000 0x0000000
1152e98.348c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1162e98.348c: 000000007ffe1000-00007ff546e7ffff 0x0001/0x0000 0x0000000
1172e98.348c: *00007ff546e80000-00007ff546ea2fff 0x0002/0x0002 0x0040000
1182e98.348c: 00007ff546ea3000-00007ff7b9a1ffff 0x0001/0x0000 0x0000000
1192e98.348c: *00007ff7b9a20000-00007ff7b9a20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1202e98.348c: 00007ff7b9a21000-00007ff7b9a93fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1212e98.348c: 00007ff7b9a94000-00007ff7b9a94fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1222e98.348c: 00007ff7b9a95000-00007ff7b9adbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1232e98.348c: 00007ff7b9adc000-00007ff7b9adcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1242e98.348c: 00007ff7b9add000-00007ff7b9addfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1252e98.348c: 00007ff7b9ade000-00007ff7b9ae2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1262e98.348c: 00007ff7b9ae3000-00007ff7b9ae3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1272e98.348c: 00007ff7b9ae4000-00007ff7b9ae4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1282e98.348c: 00007ff7b9ae5000-00007ff7b9ae8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1292e98.348c: 00007ff7b9ae9000-00007ff7b9b31fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1302e98.348c: 00007ff7b9b32000-00007ffbe316ffff 0x0001/0x0000 0x0000000
1312e98.348c: *00007ffbe3170000-00007ffbe3170fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1322e98.348c: 00007ffbe3171000-00007ffbe327ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1332e98.348c: 00007ffbe3280000-00007ffbe32c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1342e98.348c: 00007ffbe32c6000-00007ffbe32d0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1352e98.348c: 00007ffbe32d1000-00007ffbe32defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1362e98.348c: 00007ffbe32df000-00007ffbe32dffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1372e98.348c: 00007ffbe32e0000-00007ffbe32e2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1382e98.348c: 00007ffbe32e3000-00007ffbe3350fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1392e98.348c: 00007ffbe3351000-00007ffffffeffff 0x0001/0x0000 0x0000000
1402e98.348c: VirtualBoxVM.exe: timestamp 0x5c58716c (rc=VINF_SUCCESS)
1412e98.348c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1422e98.348c: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
1432e98.348c: supR3HardNtChildPurify: Done after 316 ms and 0 fixes (loop #0).
1442694.2e04: Log file opened: 6.0.5r128628 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
1452694.2e04: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbe3170000 g_uNtVerCombined=0xa042ee00
1462694.2e04: ntdll.dll: timestamp 0x7e614c22 (rc=VINF_SUCCESS)
1472694.2e04: New simple heap: #1 0000000000f00000 LB 0x400000 (for 1970176 allocation)
1482e98.348c: supR3HardNtEnableThreadCreation:
1492694.2e04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
1502694.2e04: System32: \Device\HarddiskVolume1\Windows\System32
1512694.2e04: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
1522694.2e04: KnownDllPath: C:\WINDOWS\System32
1532694.2e04: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1542694.2e04: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1552694.2e04: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1562694.2e04: Registered Dll notification callback with NTDLL.
1572694.2e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
1582694.2e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1592694.2e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1602694.2e04: supR3HardenedDllNotificationCallback: load 00007ffbdffb0000 LB 0x00273000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
1612694.2e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
1622694.2e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1632694.2e04: supR3HardenedDllNotificationCallback: load 00007ffbe2e30000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
1642694.2e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1652694.2e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2e30000 'C:\WINDOWS\System32\KERNEL32.DLL'
1662694.2e04: supR3HardenedDllNotificationCallback: load 00007ff7b9a20000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
1672694.2e04: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1682694.2e04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1692694.2e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1702694.2e04: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe31e4f90 pvNtTerminateThread=00007ffbe320b3f0
1712e98.348c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 148 ms.
1722694.2e04: \SystemRoot\System32\ntdll.dll:
1732694.2e04: CreationTime: 2018-12-12T10:05:26.353410400Z
1742694.2e04: LastWriteTime: 2018-12-08T08:04:53.786979100Z
1752694.2e04: ChangeTime: 2019-01-09T09:42:42.926506000Z
1762694.2e04: FileAttributes: 0x20
1772694.2e04: Size: 0x1da720
1782694.2e04: NT Headers: 0xe8
1792694.2e04: Timestamp: 0x7e614c22
1802694.2e04: Machine: 0x8664 - amd64
1812694.2e04: Timestamp: 0x7e614c22
1822694.2e04: Image Version: 10.0
1832694.2e04: SizeOfImage: 0x1e1000 (1970176)
1842694.2e04: Resource Dir: 0x174000 LB 0x6b3e8
1852694.2e04: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1862694.2e04: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1872694.2e04: ProductName: Microsoft® Windows® Operating System
1882694.2e04: ProductVersion: 10.0.17134.471
1892694.2e04: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
1902694.2e04: FileDescription: NT Layer DLL
1912694.2e04: \SystemRoot\System32\kernel32.dll:
1922694.2e04: CreationTime: 2018-04-11T23:34:40.510607900Z
1932694.2e04: LastWriteTime: 2018-04-11T23:34:40.510607900Z
1942694.2e04: ChangeTime: 2018-05-21T15:25:07.165561400Z
1952694.2e04: FileAttributes: 0x20
1962694.2e04: Size: 0xafef8
1972694.2e04: NT Headers: 0xe8
1982694.2e04: Timestamp: 0x5f488a51
1992694.2e04: Machine: 0x8664 - amd64
2002694.2e04: Timestamp: 0x5f488a51
2012694.2e04: Image Version: 10.0
2022694.2e04: SizeOfImage: 0xb2000 (729088)
2032694.2e04: Resource Dir: 0xb0000 LB 0x520
2042694.2e04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2052694.2e04: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2062694.2e04: ProductName: Microsoft® Windows® Operating System
2072694.2e04: ProductVersion: 10.0.17134.1
2082694.2e04: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
2092694.2e04: FileDescription: Windows NT BASE API Client DLL
2102694.2e04: \SystemRoot\System32\KernelBase.dll:
2112694.2e04: CreationTime: 2018-12-12T10:05:33.177723500Z
2122694.2e04: LastWriteTime: 2018-11-09T02:47:52.285920600Z
2132694.2e04: ChangeTime: 2019-01-09T09:42:42.923578400Z
2142694.2e04: FileAttributes: 0x20
2152694.2e04: Size: 0x273b78
2162694.2e04: NT Headers: 0xf0
2172694.2e04: Timestamp: 0x428de48c
2182694.2e04: Machine: 0x8664 - amd64
2192694.2e04: Timestamp: 0x428de48c
2202694.2e04: Image Version: 10.0
2212694.2e04: SizeOfImage: 0x273000 (2568192)
2222694.2e04: Resource Dir: 0x251000 LB 0x548
2232694.2e04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2242694.2e04: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2252694.2e04: ProductName: Microsoft® Windows® Operating System
2262694.2e04: ProductVersion: 10.0.17134.441
2272694.2e04: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
2282694.2e04: FileDescription: Windows NT BASE API Client DLL
2292694.2e04: \SystemRoot\System32\apisetschema.dll:
2302694.2e04: CreationTime: 2018-04-11T23:34:44.042150700Z
2312694.2e04: LastWriteTime: 2018-04-11T23:34:44.042150700Z
2322694.2e04: ChangeTime: 2018-05-21T11:57:52.440527900Z
2332694.2e04: FileAttributes: 0x20
2342694.2e04: Size: 0x1bd98
2352694.2e04: NT Headers: 0xd0
2362694.2e04: Timestamp: 0xd02ff418
2372694.2e04: Machine: 0x8664 - amd64
2382694.2e04: Timestamp: 0xd02ff418
2392694.2e04: Image Version: 10.0
2402694.2e04: SizeOfImage: 0x1c000 (114688)
2412694.2e04: Resource Dir: 0x1b000 LB 0x408
2422694.2e04: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2432694.2e04: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2442694.2e04: ProductName: Microsoft® Windows® Operating System
2452694.2e04: ProductVersion: 10.0.17134.1
2462694.2e04: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
2472694.2e04: FileDescription: ApiSet Schema DLL
2482694.2e04: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2492694.2e04: supR3HardenedWinFindAdversaries: 0x0
2502694.2e04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
2512694.2e04: Calling main()
2522694.2e04: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
2532694.2e04: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
2542694.2e04: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2552694.2e04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2562694.2e04: SUPR3HardenedMain: Respawn #2
2572694.2e04: supR3HardNtEnableThreadCreation:
2582694.2e04: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
2592694.2e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntdll.dll)
2602694.2e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2612694.2e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2622694.2e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3170000 'C:\WINDOWS\System32\ntdll.dll'
2632694.2e04: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe31e4f90 pvNtTerminateThread=00007ffbe320b3f0
2642694.2e04: supR3HardenedWinDoReSpawn(2): New child 1228.9cc [kernel32].
2652694.2e04: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2662694.2e04: supR3HardNtChildGatherData: PebBaseAddress=0000000000512000 cbPeb=0x388
2672694.2e04: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbe3170000 uNtDllChildAddr=00007ffbe3170000
2682694.2e04: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbe31e4f90
2692694.2e04: supR3HardenedWinSetupChildInit: Start child.
2702694.2e04: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2712694.2e04: supR3HardNtChildPurify: Startup delay kludge #1/0: 270 ms, 15 sleeps
2722694.2e04: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2732694.2e04: *0000000000000000-00000000002bffff 0x0001/0x0000 0x0000000
2742694.2e04: *00000000002c0000-00000000002dffff 0x0004/0x0004 0x0020000
2752694.2e04: *00000000002e0000-00000000002f8fff 0x0002/0x0002 0x0040000
2762694.2e04: 00000000002f9000-00000000002fffff 0x0001/0x0000 0x0000000
2772694.2e04: *0000000000300000-00000000003fafff 0x0000/0x0004 0x0020000
2782694.2e04: 00000000003fb000-00000000003fdfff 0x0104/0x0004 0x0020000
2792694.2e04: 00000000003fe000-00000000003fffff 0x0004/0x0004 0x0020000
2802694.2e04: *0000000000400000-0000000000511fff 0x0000/0x0004 0x0020000
2812694.2e04: 0000000000512000-0000000000514fff 0x0004/0x0004 0x0020000
2822694.2e04: 0000000000515000-00000000005fffff 0x0000/0x0004 0x0020000
2832694.2e04: *0000000000600000-0000000000603fff 0x0002/0x0002 0x0040000
2842694.2e04: 0000000000604000-000000000060ffff 0x0001/0x0000 0x0000000
2852694.2e04: *0000000000610000-0000000000610fff 0x0004/0x0004 0x0020000
2862694.2e04: 0000000000611000-000000007ffdffff 0x0001/0x0000 0x0000000
2872694.2e04: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2882694.2e04: 000000007ffe1000-00007ff5ce30ffff 0x0001/0x0000 0x0000000
2892694.2e04: *00007ff5ce310000-00007ff5ce332fff 0x0002/0x0002 0x0040000
2902694.2e04: 00007ff5ce333000-00007ff7b9a1ffff 0x0001/0x0000 0x0000000
2912694.2e04: *00007ff7b9a20000-00007ff7b9a20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2922694.2e04: 00007ff7b9a21000-00007ff7b9a93fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2932694.2e04: 00007ff7b9a94000-00007ff7b9a94fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2942694.2e04: 00007ff7b9a95000-00007ff7b9adbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2952694.2e04: 00007ff7b9adc000-00007ff7b9adcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2962694.2e04: 00007ff7b9add000-00007ff7b9addfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2972694.2e04: 00007ff7b9ade000-00007ff7b9ae2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2982694.2e04: 00007ff7b9ae3000-00007ff7b9ae3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2992694.2e04: 00007ff7b9ae4000-00007ff7b9ae4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3002694.2e04: 00007ff7b9ae5000-00007ff7b9ae8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3012694.2e04: 00007ff7b9ae9000-00007ff7b9b31fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3022694.2e04: 00007ff7b9b32000-00007ffbe316ffff 0x0001/0x0000 0x0000000
3032694.2e04: *00007ffbe3170000-00007ffbe3170fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3042694.2e04: 00007ffbe3171000-00007ffbe327ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3052694.2e04: 00007ffbe3280000-00007ffbe32c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3062694.2e04: 00007ffbe32c6000-00007ffbe32d0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3072694.2e04: 00007ffbe32d1000-00007ffbe32defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3082694.2e04: 00007ffbe32df000-00007ffbe32dffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3092694.2e04: 00007ffbe32e0000-00007ffbe32e2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3102694.2e04: 00007ffbe32e3000-00007ffbe3350fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3112694.2e04: 00007ffbe3351000-00007ffffffeffff 0x0001/0x0000 0x0000000
3122694.2e04: VirtualBoxVM.exe: timestamp 0x5c58716c (rc=VINF_SUCCESS)
3132694.2e04: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3142694.2e04: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
3152694.2e04: supR3HardNtChildPurify: Done after 316 ms and 0 fixes (loop #0).
3161228.9cc: Log file opened: 6.0.5r128628 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
3171228.9cc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbe3170000 g_uNtVerCombined=0xa042ee00
3181228.9cc: ntdll.dll: timestamp 0x7e614c22 (rc=VINF_SUCCESS)
3191228.9cc: New simple heap: #1 0000000000720000 LB 0x400000 (for 1970176 allocation)
3202694.2e04: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f00000 LB 0x400000)
3212694.2e04: supR3HardNtEnableThreadCreation:
3221228.9cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3231228.9cc: System32: \Device\HarddiskVolume1\Windows\System32
3241228.9cc: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
3251228.9cc: KnownDllPath: C:\WINDOWS\System32
3261228.9cc: supR3HardenedVmProcessInit: Opening vboxdrv...
3271228.9cc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3281228.9cc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3291228.9cc: Registered Dll notification callback with NTDLL.
3301228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
3311228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3321228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3331228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdffb0000 LB 0x00273000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3341228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
3351228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
3361228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe2e30000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3371228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3381228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2e30000 'C:\WINDOWS\System32\KERNEL32.DLL'
3391228.9cc: supR3HardenedDllNotificationCallback: load 00007ff7b9a20000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
3401228.9cc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3411228.9cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3421228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3431228.9cc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe31e4f90 pvNtTerminateThread=00007ffbe320b3f0
3442694.2e04: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 170 ms.
3451228.9cc: \SystemRoot\System32\ntdll.dll:
3461228.9cc: CreationTime: 2018-12-12T10:05:26.353410400Z
3471228.9cc: LastWriteTime: 2018-12-08T08:04:53.786979100Z
3481228.9cc: ChangeTime: 2019-01-09T09:42:42.926506000Z
3491228.9cc: FileAttributes: 0x20
3501228.9cc: Size: 0x1da720
3511228.9cc: NT Headers: 0xe8
3521228.9cc: Timestamp: 0x7e614c22
3531228.9cc: Machine: 0x8664 - amd64
3541228.9cc: Timestamp: 0x7e614c22
3551228.9cc: Image Version: 10.0
3561228.9cc: SizeOfImage: 0x1e1000 (1970176)
3571228.9cc: Resource Dir: 0x174000 LB 0x6b3e8
3581228.9cc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3591228.9cc: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3601228.9cc: ProductName: Microsoft® Windows® Operating System
3611228.9cc: ProductVersion: 10.0.17134.471
3621228.9cc: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
3631228.9cc: FileDescription: NT Layer DLL
3641228.9cc: \SystemRoot\System32\kernel32.dll:
3651228.9cc: CreationTime: 2018-04-11T23:34:40.510607900Z
3661228.9cc: LastWriteTime: 2018-04-11T23:34:40.510607900Z
3671228.9cc: ChangeTime: 2018-05-21T15:25:07.165561400Z
3681228.9cc: FileAttributes: 0x20
3691228.9cc: Size: 0xafef8
3701228.9cc: NT Headers: 0xe8
3711228.9cc: Timestamp: 0x5f488a51
3721228.9cc: Machine: 0x8664 - amd64
3731228.9cc: Timestamp: 0x5f488a51
3741228.9cc: Image Version: 10.0
3751228.9cc: SizeOfImage: 0xb2000 (729088)
3761228.9cc: Resource Dir: 0xb0000 LB 0x520
3771228.9cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3781228.9cc: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3791228.9cc: ProductName: Microsoft® Windows® Operating System
3801228.9cc: ProductVersion: 10.0.17134.1
3811228.9cc: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
3821228.9cc: FileDescription: Windows NT BASE API Client DLL
3831228.9cc: \SystemRoot\System32\KernelBase.dll:
3841228.9cc: CreationTime: 2018-12-12T10:05:33.177723500Z
3851228.9cc: LastWriteTime: 2018-11-09T02:47:52.285920600Z
3861228.9cc: ChangeTime: 2019-01-09T09:42:42.923578400Z
3871228.9cc: FileAttributes: 0x20
3881228.9cc: Size: 0x273b78
3891228.9cc: NT Headers: 0xf0
3901228.9cc: Timestamp: 0x428de48c
3911228.9cc: Machine: 0x8664 - amd64
3921228.9cc: Timestamp: 0x428de48c
3931228.9cc: Image Version: 10.0
3941228.9cc: SizeOfImage: 0x273000 (2568192)
3951228.9cc: Resource Dir: 0x251000 LB 0x548
3961228.9cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3971228.9cc: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3981228.9cc: ProductName: Microsoft® Windows® Operating System
3991228.9cc: ProductVersion: 10.0.17134.441
4001228.9cc: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
4011228.9cc: FileDescription: Windows NT BASE API Client DLL
4021228.9cc: \SystemRoot\System32\apisetschema.dll:
4031228.9cc: CreationTime: 2018-04-11T23:34:44.042150700Z
4041228.9cc: LastWriteTime: 2018-04-11T23:34:44.042150700Z
4051228.9cc: ChangeTime: 2018-05-21T11:57:52.440527900Z
4061228.9cc: FileAttributes: 0x20
4071228.9cc: Size: 0x1bd98
4081228.9cc: NT Headers: 0xd0
4091228.9cc: Timestamp: 0xd02ff418
4101228.9cc: Machine: 0x8664 - amd64
4111228.9cc: Timestamp: 0xd02ff418
4121228.9cc: Image Version: 10.0
4131228.9cc: SizeOfImage: 0x1c000 (114688)
4141228.9cc: Resource Dir: 0x1b000 LB 0x408
4151228.9cc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4161228.9cc: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4171228.9cc: ProductName: Microsoft® Windows® Operating System
4181228.9cc: ProductVersion: 10.0.17134.1
4191228.9cc: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
4201228.9cc: FileDescription: ApiSet Schema DLL
4211228.9cc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4221228.9cc: supR3HardenedWinFindAdversaries: 0x0
4231228.9cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
4241228.9cc: Calling main()
4251228.9cc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
4261228.9cc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
4271228.9cc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4281228.9cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4291228.9cc: SUPR3HardenedMain: Final process, opening VBoxDrv...
4301228.9cc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000720000 LB 0x400000)
4311228.9cc: supR3HardNtEnableThreadCreation:
4321228.9cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4331228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4341228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4351228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4361228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbcc9b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4371228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4381228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4391228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4401228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc9b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4411228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4421228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4431228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc9b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4441228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc9b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4451228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4461228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4471228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4481228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
4491228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
4501228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
4511228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4521228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4531228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
4541228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
4551228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4561228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4571228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
4581228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
4591228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
4601228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4611228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4621228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
4631228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
4641228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4651228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4661228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
4671228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
4681228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4691228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4701228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4711228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4721228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe0600000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
4731228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4741228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdf4a0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
4751228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4761228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdfe10000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
4771228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ucrtbase.dll)
4781228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ucrtbase.dll
4791228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe02b0000 LB 0x001e2000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
4801228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4811228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe2820000 LB 0x00124000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
4821228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4831228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe1d30000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
4841228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
4851228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
4861228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
4871228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe2770000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
4881228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4891228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
4901228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
4911228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
4921228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
4931228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe05a0000 LB 0x00057000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
4941228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4951228.9cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
4961228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4971228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdffb0000 'api-ms-win-core-synch-l1-2-0'
4981228.9cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
4991228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5001228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdffb0000 'api-ms-win-core-fibers-l1-1-1'
5011228.9cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5021228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5031228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdffb0000 'api-ms-win-core-fibers-l1-1-1'
5041228.9cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5051228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5061228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdffb0000 'api-ms-win-core-synch-l1-2-0'
5071228.9cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
5081228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5091228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdffb0000 'api-ms-win-core-localization-l1-2-1'
5101228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe05a0000 'C:\WINDOWS\system32\Wintrust.dll'
5111228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
5121228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
5131228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5141228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5151228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5161228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
5171228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume1\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
5181228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
5191228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5201228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5211228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5221228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5231228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5241228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5251228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5261228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5271228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdef80000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
5281228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5291228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdef80000 'C:\WINDOWS\system32\bcrypt.dll'
5301228.9cc: bcrypt.dll loaded at 00007ffbdef80000, BCryptOpenAlgorithmProvider at 00007ffbdef82770, preloading providers:
5311228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
5321228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
5331228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5341228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe0230000 LB 0x0007a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
5351228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5361228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe0230000 'C:\WINDOWS\system32\bcryptprimitives.dll'
5371228.9cc: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000bf5b50)
5381228.9cc: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000bfe040)
5391228.9cc: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000c01190)
5401228.9cc: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000c01460)
5411228.9cc: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000c01730)
5421228.9cc: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000c01a00)
5431228.9cc: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000c01cd0)
5441228.9cc: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000c01fa0)
5451228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
5461228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
5471228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdee60000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5481228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5491228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
5501228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
5511228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
5521228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5531228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5541228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5551228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5561228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5571228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbde880000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
5581228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5591228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
5601228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5611228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
5621228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
5631228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdee50000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5641228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5651228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5661228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5671228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5681228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5691228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5701228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2e30000 'C:\WINDOWS\System32\kernel32.dll'
5711228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5721228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5731228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe05a0000 'C:\WINDOWS\System32\WINTRUST.DLL'
5741228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5751228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5761228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\CRYPT32.dll'
5771228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe26f0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
5781228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
5791228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
5801228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5811228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5821228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
5831228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5841228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
5851228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll)
5861228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll
5871228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbde1c0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
5881228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
5891228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdf480000 LB 0x0001f000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
5901228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
5911228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
5921228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5931228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
5941228.9cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll)
5951228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
5961228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5971228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5981228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5991228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6001228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6011228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6021228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6031228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6041228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6051228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6061228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6071228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6081228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6091228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6101228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbcc2d0000 LB 0x0002e000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
6111228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6121228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6131228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6141228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\WINDOWS\System32\cryptnet.dll'
6151228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6161228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6171228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\WINDOWS\System32\cryptnet.dll'
6181228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6191228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6201228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\WINDOWS\System32\cryptnet.dll'
6211228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6221228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6231228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\WINDOWS\System32\cryptnet.dll'
6241228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6251228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6261228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\WINDOWS\System32\cryptnet.dll'
6271228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6281228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6291228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\WINDOWS\System32\cryptnet.dll'
6301228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6311228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\WINDOWS\System32\cryptnet.dll'
6321228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6331228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\WINDOWS\System32\cryptnet.dll'
6341228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6351228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\WINDOWS\System32\cryptnet.dll'
6361228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6371228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\WINDOWS\System32\cryptnet.dll'
6381228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6391228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\WINDOWS\System32\cryptnet.dll'
6401228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\WINDOWS\System32\cryptnet.dll'
6411228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6421228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcc2d0000 'C:\Windows\System32\cryptnet.dll'
6431228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6441228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6451228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
6461228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6471228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6481228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
6491228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6501228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000cdd750
6511228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
6521228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D718C6590C8EC69621641D918F7E93AE14B7CE0C
6531228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6541228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6551228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2820000 'C:\WINDOWS\System32\rpcrt4.dll'
6561228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6571228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6581228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
6591228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6601228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6611228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
6621228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1759_for_KB4480966~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
6631228.9cc: g_pfnWinVerifyTrust=00007ffbe05a9940
6641228.9cc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6651228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6661228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6671228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
6681228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6691228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6701228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
6711228.9cc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
6721228.9cc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
6731228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6741228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6751228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
6761228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
6771228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6781228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
6791228.9cc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
6801228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll
6811228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
6821228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
6831228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2EB3B5899525BF398A932A3B6257F3B13169332E
6841228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6851228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6861228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
6871228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
6881228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
6891228.9cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6901228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
6911228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6921228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
6931228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
6941228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
6951228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6961228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
6971228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
6981228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
6991228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7001228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7011228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7021228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
7031228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7041228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7051228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7061228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
7071228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7081228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7091228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7101228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll'
7111228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7121228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7131228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
7141228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7151228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
7161228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7171228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7181228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll'
7191228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
7201228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7211228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7221228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7231228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
7241228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7251228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7261228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
7271228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7281228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7291228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll'
7301228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7311228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7321228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ucrtbase.dll'
7331228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7341228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7351228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
7361228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7371228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7381228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
7391228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7401228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7411228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
7421228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7431228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
7441228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7451228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
7461228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7471228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7481228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
7491228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
7501228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
7511228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
7521228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\system32\crypt32.dll'
7531228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
7541228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
7551228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xd494182224bdc100 CN=AGC
7561228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
7571228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
7581228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
7591228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
7601228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
7611228.9cc: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=BZ, ST=Belize, L=Belize city, O=Disc Soft Ltd, CN=Disc Soft Ltd, Email=finpr@disc-soft.com
7621228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xe290f691f255f400 OU=Created by http://www.fiddler2.com, O=DO_NOT_TRUST, CN=DO_NOT_TRUST_FiddlerRoot
7631228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
7641228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
7651228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
7661228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
7671228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
7681228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
7691228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
7701228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
7711228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xe35016950adaa500 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
7721228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
7731228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
7741228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
7751228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
7761228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
7771228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
7781228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
7791228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
7801228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
7811228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
7821228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
7831228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
7841228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
7851228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
7861228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
7871228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
7881228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x5a341635fb75d800 C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
7891228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
7901228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
7911228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
7921228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
7931228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
7941228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
7951228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
7961228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
7971228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
7981228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
7991228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
8001228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8011228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
8021228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3eaa756fe759c500 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
8031228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
8041228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
8051228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2262f09375bd00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
8061228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x1e5105933ff5e200 C=TR, L=Ankara, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority
8071228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
8081228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
8091228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8101228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
8111228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
8121228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
8131228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8141228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
8151228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
8161228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8171228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
8181228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
8191228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
8201228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
8211228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8221228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
8231228.9cc: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8241228.9cc: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=70
8251228.9cc: SUPR3HardenedMain: Load Runtime...
8261228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
8271228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8281228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8291228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
8301228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
8311228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8321228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
8331228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8341228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8351228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
8361228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
8371228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8381228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) WinVerifyTrust
8391228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
8401228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8411228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8421228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
8431228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8441228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8451228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8461228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8471228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
8481228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
8491228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8501228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
8511228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
8521228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8531228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8541228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8551228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8561228.9cc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8571228.9cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll)
8581228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
8591228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
8601228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
8611228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8621228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
8631228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8641228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
8651228.9cc: supR3HardenedDllNotificationCallback: load 0000000054190000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
8661228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8671228.9cc: supR3HardenedDllNotificationCallback: load 0000000053b80000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
8681228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
8691228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe2950000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
8701228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
8711228.9cc: supR3HardenedDllNotificationCallback: load 00007ffb98780000 LB 0x0052d000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
8721228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
8731228.9cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8741228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
8751228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
8761228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8771228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8781228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
8791228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8801228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8811228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
8821228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8831228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8841228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
8851228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8861228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8871228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
8881228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8891228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8901228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
8911228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8921228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8931228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8941228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8951228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8961228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8971228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8981228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8991228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9001228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
9011228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9021228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9031228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9041228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9051228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9061228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9071228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9081228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9091228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9101228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9111228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9121228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9131228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9141228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9151228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9161228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9171228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9181228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
9191228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9201228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9211228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9221228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9231228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb98780000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9241228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
9251228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9261228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe05a0000 'C:\WINDOWS\system32\Wintrust.dll'
9271228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
9281228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
9291228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
9301228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9311228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
9321228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
9331228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\system32\crypt32.dll'
9341228.9cc: SUPR3HardenedMain: Load TrustedMain...
9351228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
9361228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9371228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
9381228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
9391228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
9401228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
9411228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
9421228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
9431228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
9441228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
9451228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9461228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
9471228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
9481228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
9491228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
9501228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
9511228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9521228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9531228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
9541228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
9551228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
9561228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9571228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) WinVerifyTrust
9581228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll
9591228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
9601228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
9611228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9621228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9631228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
9641228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
9651228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
9661228.9cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll'.
9671228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9681228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmmbase.dll)
9691228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmmbase.dll
9701228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9711228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9721228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
9731228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
9741228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
9751228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9761228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
9771228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9781228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
9791228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
9801228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll) WinVerifyTrust
9811228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
9821228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9831228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9841228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9851228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9861228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
9871228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
9881228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
9891228.9cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\combase.dll'.
9901228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
9911228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
9921228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\combase.dll)
9931228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\combase.dll
9941228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9951228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9961228.9cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll'.
9971228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll)
9981228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcp_win.dll
9991228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
10001228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
10011228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
10021228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10031228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10041228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
10051228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
10061228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
10071228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'gdi32.dll'.
10081228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'user32.dll'.
10091228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
10101228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ole32.dll) WinVerifyTrust
10111228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll
10121228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10131228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10141228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10151228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10161228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [lacks WinVerifyTrust]
10171228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10181228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10191228.9cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\user32.dll'.
10201228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10211228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
10221228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
10231228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
10241228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10251228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10261228.9cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'.
10271228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
10281228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
10291228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10301228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10311228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10321228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10331228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10341228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10351228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10361228.9cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\win32u.dll'.
10371228.9cc: '\Device\HarddiskVolume1\Windows\System32\win32u.dll' has no imports
10381228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\win32u.dll)
10391228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\win32u.dll
10401228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
10411228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
10421228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10431228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
10441228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\user32.dll) WinVerifyTrust
10451228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
10461228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
10471228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10481228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10491228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10501228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10511228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10521228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [lacks WinVerifyTrust]
10531228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
10541228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
10551228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
10561228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
10571228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
10581228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
10591228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
10601228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
10611228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
10621228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10631228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10641228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
10651228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
10661228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
10671228.9cc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
10681228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10691228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
10701228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
10711228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
10721228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
10731228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
10741228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
10751228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
10761228.9cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
10771228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
10781228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
10791228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
10801228.9cc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
10811228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
10821228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
10831228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
10841228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
10851228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
10861228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
10871228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
10881228.9cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
10891228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
10901228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
10911228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
10921228.9cc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
10931228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
10941228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10951228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
10961228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
10971228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
10981228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
10991228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11001228.9cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
11011228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
11021228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11031228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11041228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11051228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11061228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11071228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
11081228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11091228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11101228.9cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\shell32.dll'.
11111228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11121228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'user32.dll'.
11131228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #76 'gdi32.dll'.
11141228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll)
11151228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
11161228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11171228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11181228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11191228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11201228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11211228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
11221228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11231228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11241228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
11251228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11261228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11271228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11281228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11291228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11301228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11311228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11321228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11331228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
11341228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11351228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11361228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11371228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11381228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11391228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
11401228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11411228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11421228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11431228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
11441228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
11451228.9cc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\opengl32.dll'.
11461228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11471228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
11481228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
11491228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
11501228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
11511228.9cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll)
11521228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll
11531228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11541228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11551228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
11561228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11571228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11581228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11591228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11601228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11611228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
11621228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
11631228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume1\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
11641228.9cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\mpr.dll'.
11651228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mpr.dll)
11661228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mpr.dll
11671228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11681228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11691228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
11701228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11711228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11721228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
11731228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11741228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11751228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
11761228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11771228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11781228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [lacks WinVerifyTrust]
11791228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11801228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11811228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
11821228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
11831228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
11841228.9cc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\glu32.dll'.
11851228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11861228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11871228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
11881228.9cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\glu32.dll)
11891228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll
11901228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11911228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11921228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11931228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11941228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11951228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
11961228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11971228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11981228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
11991228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12001228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12011228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
12021228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12031228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12041228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12051228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12061228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12071228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
12081228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12091228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12101228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
12111228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12121228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12131228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
12141228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12151228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12161228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
12171228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12181228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12191228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
12201228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12211228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12221228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
12231228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
12241228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
12251228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
12261228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
12271228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
12281228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12291228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12301228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
12311228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12321228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12331228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12341228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12351228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12361228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
12371228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12381228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12391228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [lacks WinVerifyTrust]
12401228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12411228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12421228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12431228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12441228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12451228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
12461228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12471228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12481228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
12491228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12501228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12511228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12521228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
12531228.9cc: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
12541228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12551228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12561228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
12571228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
12581228.9cc: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
12591228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12601228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12611228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
12621228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
12631228.9cc: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'
12641228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12651228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12661228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
12671228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
12681228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
12691228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
12701228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
12711228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
12721228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
12731228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
12741228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
12751228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
12761228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
12771228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
12781228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
12791228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
12801228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
12811228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
12821228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
12831228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12841228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12851228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
12861228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000428 pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll
12871228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
12881228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
12891228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19A1CD90C2208B3BD0567A538CC10CADA852F417
12901228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12911228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12921228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
12931228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12941228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12951228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
12961228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12971228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12981228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
12991228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13001228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13011228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
13021228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13031228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13041228.9cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
13051228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13061228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13071228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13081228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13091228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13101228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13111228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13121228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13131228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13141228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
13151228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
13161228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
13171228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
13181228.9cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13191228.9cc: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
13201228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
13211228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
13221228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
13231228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
13241228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13251228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13261228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
13271228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13281228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
13291228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
13301228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
13311228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
13321228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdf540000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
13331228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
13341228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdff10000 LB 0x0009f000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
13351228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
13361228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdf560000 LB 0x00192000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
13371228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13381228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
13391228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
13401228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
13411228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\gdi32full.dll)
13421228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32full.dll
13431228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe1d90000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
13441228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
13451228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe06a0000 LB 0x00190000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
13461228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [avoiding WinVerifyTrust]
13471228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbcd790000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
13481228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
13491228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbc64c0000 LB 0x00120000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
13501228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
13511228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe0550000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
13521228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll)
13531228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
13541228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe2210000 LB 0x00322000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
13551228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [avoiding WinVerifyTrust]
13561228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe1c70000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
13571228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13581228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
13591228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
13601228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\SHCore.dll)
13611228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\SHCore.dll
13621228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe2690000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
13631228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13641228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
13651228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
13661228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
13671228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
13681228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdf4d0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
13691228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
13701228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
13711228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll)
13721228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll
13731228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdf4f0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
13741228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
13751228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\powrprof.dll)
13761228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\powrprof.dll
13771228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdf4c0000 LB 0x0000a000 C:\WINDOWS\System32\FLTLIB.DLL [fFlags=0x0]
13781228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\fltLib.dll)
13791228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\fltLib.dll
13801228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdf700000 LB 0x0070d000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
13811228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13821228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
13831228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #54 'combase.dll'.
13841228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'profapi.dll'.
13851228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #81 'fltlib.dll'.
13861228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\windows.storage.dll)
13871228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\windows.storage.dll
13881228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe0830000 LB 0x01440000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
13891228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
13901228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe2a40000 LB 0x00151000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
13911228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
13921228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbd8860000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
13931228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
13941228.9cc: supR3HardenedDllNotificationCallback: load 0000000053c20000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
13951228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13961228.9cc: supR3HardenedDllNotificationCallback: load 00007ffb92c40000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
13971228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13981228.9cc: supR3HardenedDllNotificationCallback: load 0000000053610000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
13991228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
14001228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe2ef0000 LB 0x000c2000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
14011228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
14021228.9cc: supR3HardenedDllNotificationCallback: load 00007ffb908d0000 LB 0x0236b000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
14031228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
14041228.9cc: supR3HardenedDllNotificationCallback: load 0000000052b80000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
14051228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14061228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdd2b0000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
14071228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14081228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdd2e0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
14091228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
14101228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbb30b0000 LB 0x00186000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
14111228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
14121228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\windows.storage.dll'.
14131228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\windows.storage.dll' [rescheduled]
14141228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\fltLib.dll'.
14151228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\fltLib.dll' [rescheduled]
14161228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\powrprof.dll'.
14171228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\powrprof.dll' [rescheduled]
14181228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll'.
14191228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll' [rescheduled]
14201228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'.
14211228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rescheduled]
14221228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\SHCore.dll'.
14231228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\SHCore.dll' [rescheduled]
14241228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'.
14251228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rescheduled]
14261228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\gdi32full.dll'.
14271228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\gdi32full.dll' [rescheduled]
14281228.9cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\glu32.dll'.
14291228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rescheduled]
14301228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\mpr.dll'.
14311228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\mpr.dll' [rescheduled]
14321228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\shell32.dll'.
14331228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rescheduled]
14341228.9cc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
14351228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
14361228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\win32u.dll'.
14371228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rescheduled]
14381228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'.
14391228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rescheduled]
14401228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\user32.dll'.
14411228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rescheduled]
14421228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll'.
14431228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll' [rescheduled]
14441228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\combase.dll'.
14451228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rescheduled]
14461228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll'.
14471228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll' [rescheduled]
14481228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
14491228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'...
14501228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume1\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008]
14511228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\fltLib.dll [redoing WinVerifyTrust]
14521228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\fltLib.dll'.
14531228.9cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\fltLib.dll
14541228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
14551228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
14561228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll
14571228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
14581228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
14591228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [redoing WinVerifyTrust]
14601228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\combase.dll'.
14611228.9cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\combase.dll
14621228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14631228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14641228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14651228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14661228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14671228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14681228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14691228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14701228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14711228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14721228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14731228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14741228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [redoing WinVerifyTrust]
14751228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\user32.dll'.
14761228.9cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\user32.dll
14771228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14781228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14791228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
14801228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'.
14811228.9cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\gdi32.dll
14821228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14831228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14841228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
14851228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
14861228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [redoing WinVerifyTrust]
14871228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\combase.dll'.
14881228.9cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\combase.dll
14891228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14901228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14911228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14921228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14931228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
14941228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
14951228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [redoing WinVerifyTrust]
14961228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\win32u.dll'.
14971228.9cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\win32u.dll
14981228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14991228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15001228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [redoing WinVerifyTrust]
15011228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\user32.dll'.
15021228.9cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\user32.dll
15031228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15041228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15051228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
15061228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'.
15071228.9cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\gdi32.dll
15081228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
15091228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
15101228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
15111228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll'.
15121228.9cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\msvcp_win.dll
15131228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15141228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2e30000 'C:\WINDOWS\System32\kernel32.dll'
15151228.9cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
15161228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15171228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdffb0000 'api-ms-win-core-string-l1-1-0'
15181228.9cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
15191228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15201228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdffb0000 'api-ms-win-core-datetime-l1-1-1'
15211228.9cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
15221228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15231228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdffb0000 'api-ms-win-core-localization-obsolete-l1-2-0'
15241228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\imm32.dll'.
15251228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
15261228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
15271228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\imm32.dll)
15281228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll
15291228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15301228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15311228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [redoing WinVerifyTrust]
15321228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\win32u.dll'.
15331228.9cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\win32u.dll
15341228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15351228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15361228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [redoing WinVerifyTrust]
15371228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\user32.dll'.
15381228.9cc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\user32.dll
15391228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15401228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe2600000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
15411228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
15421228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2600000 'C:\WINDOWS\system32\IMM32.DLL'
15431228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\imm32.dll'.
15441228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rescheduled]
15451228.9cc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll': 0 (NtPath=\??\C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll; Input=C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll; rcNtGetDll=0x0
15461228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc000003a 'C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll'
15471228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
15481228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15491228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2770000 'C:\WINDOWS\System32\ADVAPI32.DLL'
15501228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb30b0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
15511228.9cc: SUPR3HardenedMain: Calling TrustedMain (00007ffbb30b16c0)...
15521228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
15531228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15541228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
15551228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
15561228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
15571228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
15581228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
15591228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
15601228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
15611228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
15621228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
15631228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
15641228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
15651228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
15661228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15671228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15681228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15691228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15701228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15711228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15721228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15731228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15741228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15751228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15761228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
15771228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15781228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15791228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [redoing WinVerifyTrust]
15801228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
15811228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
15821228.9cc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shell32.dll'
15831228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15841228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15851228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
15861228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
15871228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
15881228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
15891228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
15901228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
15911228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [redoing WinVerifyTrust]
15921228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
15931228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
15941228.9cc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll'
15951228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15961228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15971228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [redoing WinVerifyTrust]
15981228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
15991228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
16001228.9cc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll'
16011228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16021228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16031228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
16041228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16051228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16061228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16071228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
16081228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
16091228.9cc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
16101228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16111228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16121228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbb5c10000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
16131228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16141228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb5c10000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
16151228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000628 pwszName=\Device\HarddiskVolume1\Windows\System32\uxtheme.dll
16161228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
16171228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
16181228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=15C67EA66CCB2DD0FE18A5AB58A7BA1C113BBA6A
16191228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
16201228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
16211228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\uxtheme.dll'
16221228.9cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16231228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16241228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
16251228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
16261228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll) WinVerifyTrust
16271228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
16281228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16291228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16301228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16311228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16321228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16331228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16341228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16351228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
16361228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdd9a0000 LB 0x00098000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
16371228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
16381228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd9a0000 'C:\WINDOWS\system32\uxtheme.dll'
16391228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe06a0000 'C:\WINDOWS\system32\user32.dll'
16401228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
16411228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16421228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe0830000 'C:\WINDOWS\system32\shell32.dll'
16431228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
16441228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
16451228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
16461228.9cc: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\SHCore.dll'
16471228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16481228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe1c70000 'C:\WINDOWS\system32\SHCore.dll'
16491228.9cc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
16501228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
16511228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16521228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'.
16531228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
16541228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'.
16551228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll)
16561228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
16571228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbddb20000 LB 0x00029000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
16581228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
16591228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16601228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16611228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16621228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16631228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
16641228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16651228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16661228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [lacks WinVerifyTrust]
16671228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16681228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16691228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
16701228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
16711228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
16721228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
16731228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16741228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\system32\winmm.dll'
16751228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
16761228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16771228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\system32\winmm.dll'
16781228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
16791228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16801228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe0830000 'C:\WINDOWS\system32\shell32.dll'
16811228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
16821228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16831228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd9a0000 'C:\WINDOWS\system32\uxtheme.dll'
16841228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
16851228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16861228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2770000 'C:\WINDOWS\system32\advapi32.dll'
16871228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
16881228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
16891228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
16901228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'profapi.dll'.
16911228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\userenv.dll) WinVerifyTrust
16921228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
16931228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
16941228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
16951228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll
16961228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16971228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16981228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16991228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
17001228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdf3b0000 LB 0x00028000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
17011228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
17021228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdf3b0000 'C:\WINDOWS\system32\userenv.dll'
17031228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
17041228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17051228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2e30000 'C:\WINDOWS\System32\kernel32.dll'
17061228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe2560000 LB 0x000a0000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
17071228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17081228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
17091228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll)
17101228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
17111228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17121228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17131228.2450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
17141228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17151228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17161228.2450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
17171228.2450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
17181228.2450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
17191228.2450: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\clbcatq.dll'
17201228.2450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
17211228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17221228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
17231228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
17241228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
17251228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
17261228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
17271228.2450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
17281228.2450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
17291228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17301228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17311228.2450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
17321228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17331228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17341228.2450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
17351228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17361228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17371228.2450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
17381228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17391228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17401228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17411228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17421228.2450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
17431228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17441228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17451228.2450: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
17461228.2450: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
17471228.2450: supR3HardenedDllNotificationCallback: load 00007ffbaf8c0000 LB 0x003a0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
17481228.2450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
17491228.2450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbaf8c0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
17501228.2450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
17511228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17521228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17531228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17541228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
17551228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
17561228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
17571228.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17581228.2450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
17591228.2450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
17601228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17611228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17621228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17631228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17641228.2450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
17651228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17661228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17671228.2450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
17681228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
17691228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
17701228.2450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
17711228.2450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
17721228.2450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
17731228.2450: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
17741228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17751228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17761228.2450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
17771228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17781228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17791228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17801228.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17811228.2450: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
17821228.2450: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
17831228.2450: supR3HardenedDllNotificationCallback: load 00007ffbb59a0000 LB 0x000d4000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
17841228.2450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
17851228.2450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb59a0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
17861228.2450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
17871228.2450: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
17881228.2450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2ef0000 'C:\Windows\System32\oleaut32.dll'
17891228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe1d90000 'C:\WINDOWS\system32\gdi32.dll'
17901228.a40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
17911228.a40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
17921228.a40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
17931228.a40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17941228.a40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17951228.a40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
17961228.a40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
17971228.a40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17981228.a40: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17991228.a40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18001228.a40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18011228.a40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18021228.a40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
18031228.a40: supR3HardenedDllNotificationCallback: load 00007ffbcd530000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
18041228.a40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
18051228.a40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd530000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
18061228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
18071228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18081228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe0830000 'C:\WINDOWS\system32\shell32.dll'
18091228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
18101228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18111228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
18121228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18131228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
18141228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18151228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18161228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18171228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
18181228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
18191228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
18201228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
18211228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
18221228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
18231228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
18241228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
18251228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18261228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18271228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18281228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18291228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
18301228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
18311228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18321228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18331228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18341228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18351228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18361228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
18371228.9cc: supR3HardenedDllNotificationCallback: load 0000000052a70000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
18381228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
18391228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbb2400000 LB 0x00330000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
18401228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18411228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb2400000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
18421228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe2fc0000 LB 0x00173000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
18431228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18441228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
18451228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
18461228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
18471228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
18481228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msctf.dll)
18491228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll
18501228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18511228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18521228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
18531228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18541228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18551228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18561228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18571228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18581228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18591228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
18601228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18611228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18621228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
18631228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
18641228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll'
18651228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
18661228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18671228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
18681228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
18691228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
18701228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
18711228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
18721228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
18731228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll) WinVerifyTrust
18741228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
18751228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18761228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18771228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
18781228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18791228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18801228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
18811228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18821228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18831228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
18841228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18851228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18861228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18871228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18881228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18891228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
18901228.9cc: supR3HardenedDllNotificationCallback: load 0000000010000000 LB 0x00065000 C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll [fFlags=0x0]
18911228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
18921228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\psapi.dll'.
18931228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\psapi.dll)
18941228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\psapi.dll
18951228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\PSAPI.DLL (Input=PSAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18961228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbe1d20000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [fFlags=0x0]
18971228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\psapi.dll [avoiding WinVerifyTrust]
18981228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe1d20000 'C:\WINDOWS\System32\PSAPI.DLL'
18991228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\psapi.dll'.
19001228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\psapi.dll' [rescheduled]
19011228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000010000000 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
19021228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a30 pwszName=\Device\HarddiskVolume1\Windows\System32\DataExchange.dll
19031228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
19041228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
19051228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B480615AD13C4A3DD6B7A2F86ED35195B9CA49
19061228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
19071228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
19081228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\DataExchange.dll'
19091228.9cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19101228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19111228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
19121228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
19131228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
19141228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
19151228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\DataExchange.dll) WinVerifyTrust
19161228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\DataExchange.dll
19171228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
19181228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume1\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
19191228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
19201228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
19211228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
19221228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
19231228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'oleaut32.dll'.
19241228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'dxgi.dll'.
19251228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dcomp.dll) WinVerifyTrust
19261228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dcomp.dll
19271228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
19281228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume1\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
19291228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
19301228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19311228.9cc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\dxgi.dll'.
19321228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19331228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
19341228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dxgi.dll)
19351228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dxgi.dll
19361228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19371228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19381228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
19391228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
19401228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
19411228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19421228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19431228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19441228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19451228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19461228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19471228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19481228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19491228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
19501228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
19511228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19521228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
19531228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
19541228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\d3d11.dll) WinVerifyTrust
19551228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\d3d11.dll
19561228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19571228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19581228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [redoing WinVerifyTrust]
19591228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19601228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19611228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19621228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
19631228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19641228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
19651228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19661228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19671228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
19681228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
19691228.9cc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\combase.dll'
19701228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
19711228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume1\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
19721228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\SHCore.dll
19731228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19741228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19751228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19761228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\DataExchange.dll
19771228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\d3d11.dll
19781228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dcomp.dll
19791228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19801228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbde240000 LB 0x000bb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
19811228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19821228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdc160000 LB 0x0030b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
19831228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\d3d11.dll
19841228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdca40000 LB 0x0019c000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
19851228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dcomp.dll
19861228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbbe9c0000 LB 0x00058000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
19871228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\DataExchange.dll
19881228.9cc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\dxgi.dll'.
19891228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dxgi.dll' [rescheduled]
19901228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
19911228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19921228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe1d90000 'C:\WINDOWS\System32\gdi32.dll'
19931228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbe9c0000 'C:\WINDOWS\system32\dataexchange.dll'
19941228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19951228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
19961228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
19971228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
19981228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\twinapi.appcore.dll)
19991228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\twinapi.appcore.dll
20001228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20011228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
20021228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rmclient.dll)
20031228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rmclient.dll
20041228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbdda70000 LB 0x00021000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
20051228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
20061228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbddbf0000 LB 0x001b8000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
20071228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
20081228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20091228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20101228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20111228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20121228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20131228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20141228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll
20151228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20161228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20171228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
20181228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume1\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
20191228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
20201228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20211228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20221228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
20231228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
20241228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rmclient.dll'
20251228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
20261228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
20271228.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\twinapi.appcore.dll'
20281228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\SHCore.dll
20291228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20301228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe1c70000 'C:\WINDOWS\system32\Shcore.dll'
20311228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2ef0000 'C:\WINDOWS\System32\OLEAUT32.DLL'
20321228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2a40000 'C:\WINDOWS\System32\ole32.dll'
20331228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2ef0000 'C:\WINDOWS\System32\OLEAUT32.dll'
20341228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a2c pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
20351228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
20361228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
20371228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D49375F38056AA009353FFDCCD59474093558A8B
20381228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
20391228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
20401228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll'
20411228.9cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20421228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20431228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
20441228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20451228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
20461228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
20471228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20481228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
20491228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab4 pwszName=\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
20501228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
20511228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
20521228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=85E1C37A6BD4306E57F09FFDB448860467295EFB
20531228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
20541228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
20551228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll'
20561228.9cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20571228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20581228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
20591228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
20601228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll) WinVerifyTrust
20611228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
20621228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20631228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20641228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
20651228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20661228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20671228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20681228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20691228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
20701228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
20711228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
20721228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
20731228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20741228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20751228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20761228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
20771228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
20781228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbd65b0000 LB 0x00083000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
20791228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
20801228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbd6640000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
20811228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
20821228.9cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
20831228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20841228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdffb0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
20851228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6640000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
20861228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aac pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
20871228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
20881228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
20891228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38422F12A30C69B303E7EBE427C8D87E3024ED12
20901228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
20911228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
20921228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll'
20931228.9cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20941228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20951228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
20961228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
20971228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
20981228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20991228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21001228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21011228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21021228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21031228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
21041228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbd7580000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
21051228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
21061228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7580000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
21071228.9cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
21081228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21091228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdffb0000 'api-ms-win-core-localization-l1-2-0.dll'
21101228.9cc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
21111228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21121228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdffb0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
21131228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a9c pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
21141228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
21151228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
21161228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07493B638EF356F68BE9306C76CDBF2D22198E5A
21171228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
21181228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
21191228.9cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll'
21201228.9cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21211228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21221228.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
21231228.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
21241228.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
21251228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21261228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21271228.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
21281228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21291228.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21301228.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21311228.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
21321228.9cc: supR3HardenedDllNotificationCallback: load 00007ffbd7620000 LB 0x000f2000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
21331228.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
21341228.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7620000 'C:\WINDOWS\system32\wbem\fastprox.dll'
21351228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
21361228.3650: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
21371228.3650: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21381228.3650: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21391228.3650: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21401228.3650: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
21411228.3650: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
21421228.3650: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
21431228.3650: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21441228.3650: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21451228.3650: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21461228.3650: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21471228.3650: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
21481228.3650: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
21491228.3650: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21501228.3650: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21511228.3650: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21521228.3650: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21531228.3650: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
21541228.3650: supR3HardenedDllNotificationCallback: load 00007ffbcbcf0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
21551228.3650: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
21561228.3650: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcbcf0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
21571228.3650: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe06a0000 'C:\WINDOWS\system32\User32.dll'
21581228.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
21591228.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21601228.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
21611228.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21621228.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
21631228.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
21641228.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21651228.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21661228.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21671228.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21681228.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21691228.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21701228.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
21711228.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21721228.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
21731228.30a4: supR3HardenedDllNotificationCallback: load 00007ffbcbba0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
21741228.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
21751228.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcbba0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
21761228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe0830000 'C:\WINDOWS\system32\Shell32.dll'
21771228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21781228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21791228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb2400000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
21801228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
21811228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21821228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21831228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21841228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
21851228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
21861228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
21871228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
21881228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21891228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21901228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21911228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21921228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21931228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21941228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21951228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21961228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21971228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21981228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21991228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
22001228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbc6260000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
22011228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
22021228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc6260000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
22031228.2e38: supR3HardenedDllNotificationCallback: Unload 00007ffbc6260000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
22041228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
22051228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
22061228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
22071228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22081228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22091228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22101228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
22111228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
22121228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
22131228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
22141228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
22151228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
22161228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
22171228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
22181228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
22191228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
22201228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
22211228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
22221228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
22231228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
22241228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
22251228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22261228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22271228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22281228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22291228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
22301228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
22311228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
22321228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
22331228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
22341228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22351228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
22361228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
22371228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll) WinVerifyTrust
22381228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll
22391228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22401228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22411228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
22421228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
22431228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
22441228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
22451228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
22461228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22471228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22481228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22491228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22501228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
22511228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22521228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22531228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
22541228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
22551228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
22561228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
22571228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22581228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22591228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22601228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22611228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
22621228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22631228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22641228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22651228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
22661228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
22671228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
22681228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
22691228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22701228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22711228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22721228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22731228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22741228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22751228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22761228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22771228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22781228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
22791228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
22801228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
22811228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22821228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22831228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22841228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22851228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22861228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22871228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22881228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
22891228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
22901228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
22911228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
22921228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbe1dc0000 LB 0x0044b000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
22931228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
22941228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbc67a0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
22951228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
22961228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbc6250000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
22971228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
22981228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbdea20000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
22991228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
23001228.2e38: supR3HardenedDllNotificationCallback: load 00007ffb8fef0000 LB 0x009d7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
23011228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
23021228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8fef0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
23031228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23041228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
23051228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23061228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
23071228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbc5f50000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
23081228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
23091228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc5f50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
23101228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23111228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
23121228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23131228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbaf8c0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
23141228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23151228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23161228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23171228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc6250000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
23181228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23191228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23201228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23211228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23221228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
23231228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
23241228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23251228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23261228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23271228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23281228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23291228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
23301228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbc6bf0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
23311228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
23321228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc6bf0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
23331228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23341228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23351228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23361228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23371228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
23381228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
23391228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23401228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23411228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23421228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23431228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23441228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
23451228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbc6a80000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
23461228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
23471228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc6a80000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
23481228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23491228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23501228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23511228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23521228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
23531228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
23541228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23551228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23561228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23571228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23581228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23591228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
23601228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbc69a0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
23611228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
23621228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc69a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
23631228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23641228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23651228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23661228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23671228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
23681228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
23691228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23701228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23711228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23721228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23731228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23741228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
23751228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbc68f0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
23761228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
23771228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc68f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
23781228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23791228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23801228.3d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23811228.3d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23821228.3d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23831228.3d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23841228.3d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
23851228.3d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
23861228.3d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23871228.3d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23881228.3d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23891228.3d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23901228.3d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23911228.3d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23921228.3d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23931228.3d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23941228.3d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
23951228.3d8: supR3HardenedDllNotificationCallback: load 00007ffbc6880000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
23961228.3d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
23971228.3d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc6880000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
23981228.a00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
23991228.a00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24001228.a00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24011228.a00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
24021228.a00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
24031228.a00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
24041228.a00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
24051228.a00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24061228.a00: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24071228.a00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24081228.a00: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24091228.a00: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24101228.a00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24111228.a00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24121228.a00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24131228.a00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24141228.a00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24151228.a00: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
24161228.a00: supR3HardenedDllNotificationCallback: load 00007ffbcbb90000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
24171228.a00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
24181228.a00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcbb90000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
24191228.2b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
24201228.2b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24211228.2b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24221228.2b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24231228.2b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
24241228.2b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
24251228.2b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24261228.2b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24271228.2b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24281228.2b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24291228.2b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24301228.2b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24311228.2b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24321228.2b9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
24331228.2b9c: supR3HardenedDllNotificationCallback: load 00007ffbc6870000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
24341228.2b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
24351228.2b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc6870000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
24361228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
24371228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
24381228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24391228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24401228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
24411228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
24421228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24431228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24441228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24451228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24461228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24471228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
24481228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbdd590000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
24491228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
24501228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd590000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
24511228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
24521228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24531228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdea20000 'C:\WINDOWS\system32\Iphlpapi.dll'
24541228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
24551228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
24561228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winnsi.dll)
24571228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winnsi.dll
24581228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbe2550000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
24591228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll)
24601228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll
24611228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbd8b00000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
24621228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
24631228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
24641228.2e38: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll)
24651228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
24661228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbd8ac0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
24671228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
24681228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
24691228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
24701228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
24711228.2e38: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll)
24721228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
24731228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbd8920000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
24741228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
24751228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e5c pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
24761228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
24771228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
24781228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F7955EB983A0B99F7EADAA9D82F084658BFF7D9
24791228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24801228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24811228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll [lacks WinVerifyTrust]
24821228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24831228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24841228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
24851228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24861228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24871228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24881228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24891228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24901228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24911228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll [lacks WinVerifyTrust]
24921228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24931228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24941228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
24951228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
24961228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll'
24971228.2e38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24981228.2e38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll'
24991228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e54 pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
25001228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
25011228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
25021228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D65F2124F64B53555EFB8BC0D52BFD144939BAA4
25031228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
25041228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
25051228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll'
25061228.2e38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25071228.2e38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll'
25081228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
25091228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
25101228.2e38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\nsi.dll'
25111228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
25121228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
25131228.2e38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\winnsi.dll'
25141228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
25151228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
25161228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
25171228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'devobj.dll'.
25181228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'propsys.dll'.
25191228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll) WinVerifyTrust
25201228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
25211228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
25221228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume1\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
25231228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
25241228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
25251228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25261228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
25271228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25281228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
25291228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
25301228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\propsys.dll) WinVerifyTrust
25311228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\propsys.dll
25321228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
25331228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
25341228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25351228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25361228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25371228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25381228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25391228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25401228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
25411228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
25421228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'cfgmgr32.dll'.
25431228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\devobj.dll) WinVerifyTrust
25441228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll
25451228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25461228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25471228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
25481228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
25491228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
25501228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
25511228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
25521228.2e38: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
25531228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25541228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
25551228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll
25561228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
25571228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbdf230000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
25581228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll
25591228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbdd780000 LB 0x001b4000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
25601228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
25611228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbd8940000 LB 0x00076000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
25621228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
25631228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8940000 'C:\WINDOWS\System32\MMDevApi.dll'
25641228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ee0 pwszName=\Device\HarddiskVolume1\Windows\System32\dsound.dll
25651228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
25661228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
25671228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5473BCFF580489A320314B844E6D3DC42BA47DE8
25681228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
25691228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
25701228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\dsound.dll'
25711228.2e38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25721228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25731228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
25741228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dsound.dll) WinVerifyTrust
25751228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dsound.dll
25761228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
25771228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
25781228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
25791228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25801228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25811228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25821228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
25831228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbb67a0000 LB 0x0008f000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
25841228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
25851228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
25861228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25871228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb67a0000 'C:\WINDOWS\System32\dsound.dll'
25881228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb67a0000 'C:\WINDOWS\System32\dsound.dll'
25891228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
25901228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25911228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb67a0000 'C:\WINDOWS\system32\dsound.dll'
25921228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
25931228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25941228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8940000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
25951228.1438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
25961228.1438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
25971228.1438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
25981228.1438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
25991228.1438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
26001228.1438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
26011228.1438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
26021228.1438: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\AudioSes.dll) WinVerifyTrust
26031228.1438: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
26041228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
26051228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
26061228.1438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
26071228.1438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
26081228.1438: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\avrt.dll) WinVerifyTrust
26091228.1438: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\avrt.dll
26101228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
26111228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
26121228.1438: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
26131228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26141228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26151228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26161228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26171228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
26181228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
26191228.1438: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
26201228.1438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
26211228.1438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
26221228.1438: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll'
26231228.1438: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26241228.1438: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
26251228.1438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
26261228.1438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
26271228.1438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcryptprimitives.dll'.
26281228.1438: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\WinTypes.dll)
26291228.1438: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\WinTypes.dll
26301228.1438: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
26311228.1438: supR3HardenedDllNotificationCallback: load 00007ffbdb540000 LB 0x0014d000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
26321228.1438: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
26331228.1438: supR3HardenedDllNotificationCallback: load 00007ffbdb2b0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
26341228.1438: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
26351228.1438: supR3HardenedDllNotificationCallback: load 00007ffbc4c60000 LB 0x0012c000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
26361228.1438: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
26371228.1438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc4c60000 'C:\WINDOWS\System32\AUDIOSES.DLL'
26381228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
26391228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
26401228.1438: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
26411228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26421228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26431228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
26441228.1438: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
26451228.1438: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll
26461228.1438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
26471228.1438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
26481228.1438: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\WinTypes.dll'
26491228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
26501228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26511228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
26521228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fc8 pwszName=\Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26531228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
26541228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
26551228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=177AADB38B3BB8D75072CC704861E1B81617F092
26561228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
26571228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
26581228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\wdmaud.drv'
26591228.2e38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26601228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26611228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
26621228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
26631228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
26641228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wdmaud.drv) WinVerifyTrust
26651228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26661228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
26671228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
26681228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
26691228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
26701228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume1\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
26711228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
26721228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
26731228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26741228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ksuser.dll) WinVerifyTrust
26751228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ksuser.dll
26761228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
26771228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
26781228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
26791228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26801228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26811228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26821228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26831228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
26841228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26851228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26861228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
26871228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbd5990000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
26881228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
26891228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbc1680000 LB 0x00044000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
26901228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26911228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1680000 'C:\WINDOWS\System32\wdmaud.drv'
26921228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26931228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26941228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1680000 'C:\WINDOWS\System32\wdmaud.drv'
26951228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26961228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26971228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1680000 'C:\WINDOWS\System32\wdmaud.drv'
26981228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26991228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27001228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1680000 'C:\WINDOWS\System32\wdmaud.drv'
27011228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
27021228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27031228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1680000 'C:\WINDOWS\System32\wdmaud.drv'
27041228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
27051228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27061228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1680000 'C:\WINDOWS\System32\wdmaud.drv'
27071228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
27081228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27091228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1680000 'C:\WINDOWS\System32\wdmaud.drv'
27101228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1680000 'C:\WINDOWS\System32\wdmaud.drv'
27111228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1680000 'C:\WINDOWS\System32\wdmaud.drv'
27121228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1680000 'C:\WINDOWS\System32\wdmaud.drv'
27131228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1680000 'C:\WINDOWS\System32\wdmaud.drv'
27141228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fd8 pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.drv
27151228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
27161228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
27171228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7886E1CCA739C1E5ED73D45A3FBDDF8A54FC7C0F
27181228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
27191228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
27201228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.drv'
27211228.2e38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27221228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27231228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
27241228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
27251228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
27261228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.drv) WinVerifyTrust
27271228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27281228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
27291228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
27301228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
27311228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
27321228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
27331228.2e38: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll'
27341228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
27351228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
27361228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
27371228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
27381228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27391228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.dll) WinVerifyTrust
27401228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.dll
27411228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
27421228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
27431228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
27441228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27451228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27461228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27471228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27481228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27491228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27501228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
27511228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbc0c40000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
27521228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
27531228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbd0780000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
27541228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27551228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd0780000 'C:\WINDOWS\System32\msacm32.drv'
27561228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27571228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27581228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd0780000 'C:\WINDOWS\System32\msacm32.drv'
27591228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27601228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27611228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd0780000 'C:\WINDOWS\System32\msacm32.drv'
27621228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27631228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27641228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd0780000 'C:\WINDOWS\System32\msacm32.drv'
27651228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27661228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27671228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd0780000 'C:\WINDOWS\System32\msacm32.drv'
27681228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27691228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27701228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd0780000 'C:\WINDOWS\System32\msacm32.drv'
27711228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27721228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27731228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd0780000 'C:\WINDOWS\System32\msacm32.drv'
27741228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd0780000 'C:\WINDOWS\System32\msacm32.drv'
27751228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd0780000 'C:\WINDOWS\System32\msacm32.drv'
27761228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd0780000 'C:\WINDOWS\System32\msacm32.drv'
27771228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fc0 pwszName=\Device\HarddiskVolume1\Windows\System32\midimap.dll
27781228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cdd750
27791228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cdd750
27801228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1DAEA3709B4BD5475FA0919C8463CA4834E4BC26
27811228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
27821228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
27831228.2e38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\midimap.dll'
27841228.2e38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27851228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27861228.2e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
27871228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\midimap.dll) WinVerifyTrust
27881228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\midimap.dll
27891228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
27901228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
27911228.2e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
27921228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27931228.2e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27941228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27951228.2e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
27961228.2e38: supR3HardenedDllNotificationCallback: load 00007ffbcab50000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
27971228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
27981228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcab50000 'C:\WINDOWS\System32\midimap.dll'
27991228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
28001228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28011228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcab50000 'C:\WINDOWS\System32\midimap.dll'
28021228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
28031228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28041228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcab50000 'C:\WINDOWS\System32\midimap.dll'
28051228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
28061228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28071228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcab50000 'C:\WINDOWS\System32\midimap.dll'
28081228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28091228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28101228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28111228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28121228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28131228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28141228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28151228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
28161228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28171228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28181228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28191228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28201228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28211228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28221228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28231228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28241228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28251228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28261228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28271228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28281228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
28291228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28301228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb67a0000 'C:\WINDOWS\system32\dsound.dll'
28311228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28321228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28331228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28341228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28351228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28361228.2e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
28371228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28381228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28391228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28401228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd2e0000 'C:\WINDOWS\System32\winmm.dll'
28411228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb2400000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
28421228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
28431228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
28441228.2e38: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
28451228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28461228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2e30000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
28471228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde880000 'C:\WINDOWS\system32\rsaenh.dll'
28481228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\WINDOWS\System32\crypt32.dll'
28491228.2e38: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
28501228.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntdll.dll) WinVerifyTrust
28511228.2e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntdll.dll
28521228.2e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28531228.2e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3170000 'C:\WINDOWS\System32\ntdll.dll'
28542694.2e04: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x80000003 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 11743 ms, the end);
28552e98.348c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x80000003 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 12329 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy