VirtualBox

Ticket #18967: VBoxHardening.log

File VBoxHardening.log, 380.1 KB (added by Reiner Brodbeck, 5 years ago)
Line 
13700.336c: Log file opened: 6.0.12r133076 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047ba00
23700.336c: \SystemRoot\System32\ntdll.dll:
33700.336c: CreationTime: 2019-09-11T09:51:12.517287500Z
43700.336c: LastWriteTime: 2019-09-11T09:51:12.548538500Z
53700.336c: ChangeTime: 2019-09-11T10:31:41.589473100Z
63700.336c: FileAttributes: 0x20
73700.336c: Size: 0x1e8458
83700.336c: NT Headers: 0xd8
93700.336c: Timestamp: 0xf24fc044
103700.336c: Machine: 0x8664 - amd64
113700.336c: Timestamp: 0xf24fc044
123700.336c: Image Version: 10.0
133700.336c: SizeOfImage: 0x1f0000 (2031616)
143700.336c: Resource Dir: 0x17f000 LB 0x6f310
153700.336c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
163700.336c: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
173700.336c: ProductName: Microsoft® Windows® Operating System
183700.336c: ProductVersion: 10.0.18362.356
193700.336c: FileVersion: 10.0.18362.356 (WinBuild.160101.0800)
203700.336c: FileDescription: NT Layer DLL
213700.336c: \SystemRoot\System32\kernel32.dll:
223700.336c: CreationTime: 2019-09-11T09:50:01.902264300Z
233700.336c: LastWriteTime: 2019-09-11T09:50:01.917939900Z
243700.336c: ChangeTime: 2019-09-11T10:31:38.245801700Z
253700.336c: FileAttributes: 0x20
263700.336c: Size: 0xb0570
273700.336c: NT Headers: 0xe8
283700.336c: Timestamp: 0xd0cecc10
293700.336c: Machine: 0x8664 - amd64
303700.336c: Timestamp: 0xd0cecc10
313700.336c: Image Version: 10.0
323700.336c: SizeOfImage: 0xb2000 (729088)
333700.336c: Resource Dir: 0xb0000 LB 0x520
343700.336c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353700.336c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
363700.336c: ProductName: Microsoft® Windows® Operating System
373700.336c: ProductVersion: 10.0.18362.329
383700.336c: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
393700.336c: FileDescription: Windows NT BASE API Client DLL
403700.336c: \SystemRoot\System32\KernelBase.dll:
413700.336c: CreationTime: 2019-09-11T09:51:13.079783400Z
423700.336c: LastWriteTime: 2019-09-11T09:51:13.157907200Z
433700.336c: ChangeTime: 2019-09-11T10:31:40.902051500Z
443700.336c: FileAttributes: 0x20
453700.336c: Size: 0x2a2638
463700.336c: NT Headers: 0xf0
473700.336c: Timestamp: 0x7083db20
483700.336c: Machine: 0x8664 - amd64
493700.336c: Timestamp: 0x7083db20
503700.336c: Image Version: 10.0
513700.336c: SizeOfImage: 0x2a3000 (2764800)
523700.336c: Resource Dir: 0x27d000 LB 0x548
533700.336c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
543700.336c: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
553700.336c: ProductName: Microsoft® Windows® Operating System
563700.336c: ProductVersion: 10.0.18362.356
573700.336c: FileVersion: 10.0.18362.356 (WinBuild.160101.0800)
583700.336c: FileDescription: Windows NT BASE API Client DLL
593700.336c: \SystemRoot\System32\apisetschema.dll:
603700.336c: CreationTime: 2019-03-19T04:43:54.837151500Z
613700.336c: LastWriteTime: 2019-03-19T04:43:54.837151500Z
623700.336c: ChangeTime: 2019-09-11T09:53:32.430054800Z
633700.336c: FileAttributes: 0x20
643700.336c: Size: 0x1d028
653700.336c: NT Headers: 0xc8
663700.336c: Timestamp: 0xd6ced080
673700.336c: Machine: 0x8664 - amd64
683700.336c: Timestamp: 0xd6ced080
693700.336c: Image Version: 10.0
703700.336c: SizeOfImage: 0x1e000 (122880)
713700.336c: Resource Dir: 0x1d000 LB 0x408
723700.336c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
733700.336c: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
743700.336c: ProductName: Microsoft® Windows® Operating System
753700.336c: ProductVersion: 10.0.18362.1
763700.336c: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
773700.336c: FileDescription: ApiSet Schema DLL
783700.336c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
793700.336c: supR3HardenedWinFindAdversaries: 0x40
803700.336c: \SystemRoot\System32\drivers\klflt.sys:
813700.336c: CreationTime: 2018-07-09T10:08:29.489972000Z
823700.336c: LastWriteTime: 2019-05-18T02:57:02.000000000Z
833700.336c: ChangeTime: 2019-08-27T12:05:27.482138700Z
843700.336c: FileAttributes: 0x20
853700.336c: Size: 0x3f478
863700.336c: NT Headers: 0xf8
873700.336c: Timestamp: 0x5cde4686
883700.336c: Machine: 0x8664 - amd64
893700.336c: Timestamp: 0x5cde4686
903700.336c: Image Version: 6.1
913700.336c: SizeOfImage: 0x4d000 (315392)
923700.336c: Resource Dir: 0x4a000 LB 0x420
933700.336c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
943700.336c: [Raw version resource data: 0x4a060 LB 0x3c0, codepage 0x0 (reserved 0x0)]
953700.336c: ProductName: System Interceptors PDK
963700.336c: ProductVersion: 17.0.126.0
973700.336c: FileVersion: 17.0.126.0
983700.336c: FileDescription: Filter Core [fre_win7_x64]
993700.336c: \SystemRoot\System32\drivers\klif.sys:
1003700.336c: CreationTime: 2018-07-09T10:08:29.489972000Z
1013700.336c: LastWriteTime: 2019-05-18T02:57:02.000000000Z
1023700.336c: ChangeTime: 2019-08-27T12:05:27.449914000Z
1033700.336c: FileAttributes: 0x20
1043700.336c: Size: 0x101878
1053700.336c: NT Headers: 0x110
1063700.336c: Timestamp: 0x5cde468c
1073700.336c: Machine: 0x8664 - amd64
1083700.336c: Timestamp: 0x5cde468c
1093700.336c: Image Version: 6.1
1103700.336c: SizeOfImage: 0x103000 (1060864)
1113700.336c: Resource Dir: 0xf9000 LB 0x3400
1123700.336c: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
1133700.336c: [Raw version resource data: 0xf9378 LB 0x3d8, codepage 0x0 (reserved 0x0)]
1143700.336c: ProductName: System Interceptors PDK
1153700.336c: ProductVersion: 17.0.126.0
1163700.336c: FileVersion: 17.0.126.0
1173700.336c: FileDescription: Core System Interceptors [fre_win7_x64]
1183700.336c: \SystemRoot\System32\drivers\klim6.sys:
1193700.336c: CreationTime: 2019-02-13T12:12:53.473104300Z
1203700.336c: LastWriteTime: 2019-01-28T01:49:40.000000000Z
1213700.336c: ChangeTime: 2019-08-27T12:05:29.020781300Z
1223700.336c: FileAttributes: 0x20
1233700.336c: Size: 0xe750
1243700.336c: NT Headers: 0xf8
1253700.336c: Timestamp: 0x5c4b1141
1263700.336c: Machine: 0x8664 - amd64
1273700.336c: Timestamp: 0x5c4b1141
1283700.336c: Image Version: 6.1
1293700.336c: SizeOfImage: 0xb000 (45056)
1303700.336c: Resource Dir: 0x9000 LB 0x438
1313700.336c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1323700.336c: [Raw version resource data: 0x9060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
1333700.336c: ProductName: System Interceptors PDK
1343700.336c: ProductVersion: 17.0.103.0
1353700.336c: FileVersion: 17.0.103.0
1363700.336c: FileDescription: Packet Network Filter [fre_win7_x64]
1373700.336c: \SystemRoot\System32\drivers\kneps.sys:
1383700.336c: CreationTime: 2018-07-09T10:08:29.536844400Z
1393700.336c: LastWriteTime: 2019-04-29T05:50:14.000000000Z
1403700.336c: ChangeTime: 2019-08-27T12:05:28.807908100Z
1413700.336c: FileAttributes: 0x20
1423700.336c: Size: 0x3a150
1433700.336c: NT Headers: 0xf8
1443700.336c: Timestamp: 0x5cc1c45c
1453700.336c: Machine: 0x8664 - amd64
1463700.336c: Timestamp: 0x5cc1c45c
1473700.336c: Image Version: 6.1
1483700.336c: SizeOfImage: 0x3a000 (237568)
1493700.336c: Resource Dir: 0x37000 LB 0x430
1503700.336c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1513700.336c: [Raw version resource data: 0x37060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
1523700.336c: ProductName: System Interceptors PDK
1533700.336c: ProductVersion: 17.0.110.0
1543700.336c: FileVersion: 17.0.110.0
1553700.336c: FileDescription: Network Processor [fre_win7_x64]
1563700.336c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1573700.336c: Calling main()
1583700.336c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1593700.336c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1603700.336c: SUPR3HardenedMain: Respawn #1
1613700.336c: System32: \Device\HarddiskVolume2\Windows\System32
1623700.336c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
1633700.336c: KnownDllPath: C:\WINDOWS\System32
1643700.336c: supR3HardenedWinInit: Performing a limited self purification...
1653700.336c: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
1663700.336c: *0000000000000000-0000000000f5ffff 0x0001/0x0000 0x0000000
1673700.336c: *0000000000f60000-0000000000f6ffff 0x0004/0x0004 0x0040000
1683700.336c: 0000000000f70000-0000000000f7ffff 0x0001/0x0000 0x0000000
1693700.336c: *0000000000f80000-0000000000f9afff 0x0002/0x0002 0x0040000
1703700.336c: 0000000000f9b000-0000000000f9ffff 0x0001/0x0000 0x0000000
1713700.336c: *0000000000fa0000-0000000000fa3fff 0x0002/0x0002 0x0040000
1723700.336c: 0000000000fa4000-0000000000faffff 0x0001/0x0000 0x0000000
1733700.336c: *0000000000fb0000-0000000000fb1fff 0x0004/0x0004 0x0020000
1743700.336c: 0000000000fb2000-0000000000fbffff 0x0001/0x0000 0x0000000
1753700.336c: *0000000000fc0000-0000000000fc1fff 0x0004/0x0004 0x0020000
1763700.336c: 0000000000fc2000-0000000000ff1fff 0x0000/0x0004 0x0020000
1773700.336c: 0000000000ff2000-0000000000ffffff 0x0001/0x0000 0x0000000
1783700.336c: *0000000001000000-00000000011b7fff 0x0000/0x0004 0x0020000
1793700.336c: 00000000011b8000-00000000011bafff 0x0004/0x0004 0x0020000
1803700.336c: 00000000011bb000-00000000011fffff 0x0000/0x0004 0x0020000
1813700.336c: *0000000001200000-00000000012b0fff 0x0000/0x0004 0x0020000
1823700.336c: 00000000012b1000-00000000012b3fff 0x0104/0x0004 0x0020000
1833700.336c: 00000000012b4000-00000000012fffff 0x0004/0x0004 0x0020000
1843700.336c: *0000000001300000-00000000013c6fff 0x0002/0x0002 0x0040000
1853700.336c: 00000000013c7000-00000000013cffff 0x0001/0x0000 0x0000000
1863700.336c: *00000000013d0000-00000000013ecfff 0x0004/0x0004 0x0020000
1873700.336c: 00000000013ed000-00000000014cffff 0x0000/0x0004 0x0020000
1883700.336c: 00000000014d0000-00000000014effff 0x0001/0x0000 0x0000000
1893700.336c: *00000000014f0000-00000000014f4fff 0x0004/0x0004 0x0020000
1903700.336c: 00000000014f5000-00000000015effff 0x0000/0x0004 0x0020000
1913700.336c: 00000000015f0000-000000000171ffff 0x0001/0x0000 0x0000000
1923700.336c: *0000000001720000-000000000172efff 0x0004/0x0004 0x0020000
1933700.336c: 000000000172f000-000000000172ffff 0x0000/0x0004 0x0020000
1943700.336c: *0000000001730000-000000000173efff 0x0000/0x0004 0x0020000
1953700.336c: 000000000173f000-000000000192ffff 0x0004/0x0004 0x0020000
1963700.336c: 0000000001930000-0000000001930fff 0x0000/0x0004 0x0020000
1973700.336c: 0000000001931000-000000007ffdffff 0x0001/0x0000 0x0000000
1983700.336c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1993700.336c: 000000007ffe1000-00007ff48305ffff 0x0001/0x0000 0x0000000
2003700.336c: *00007ff483060000-00007ff483064fff 0x0002/0x0002 0x0040000
2013700.336c: 00007ff483065000-00007ff48315ffff 0x0000/0x0002 0x0040000
2023700.336c: *00007ff483160000-00007ff58317ffff 0x0000/0x0004 0x0020000
2033700.336c: *00007ff583180000-00007ff58517ffff 0x0000/0x0004 0x0020000
2043700.336c: 00007ff585180000-00007ff585180fff 0x0004/0x0004 0x0020000
2053700.336c: 00007ff585181000-00007ff58518ffff 0x0001/0x0000 0x0000000
2063700.336c: *00007ff585190000-00007ff585190fff 0x0002/0x0002 0x0040000
2073700.336c: 00007ff585191000-00007ff58519ffff 0x0001/0x0000 0x0000000
2083700.336c: *00007ff5851a0000-00007ff5851c2fff 0x0002/0x0002 0x0040000
2093700.336c: 00007ff5851c3000-00007ff6f484ffff 0x0001/0x0000 0x0000000
2103700.336c: *00007ff6f4850000-00007ff6f4850fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2113700.336c: 00007ff6f4851000-00007ff6f48c5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2123700.336c: 00007ff6f48c6000-00007ff6f48c6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2133700.336c: 00007ff6f48c7000-00007ff6f490efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2143700.336c: 00007ff6f490f000-00007ff6f4911fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2153700.336c: 00007ff6f4912000-00007ff6f4914fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2163700.336c: 00007ff6f4915000-00007ff6f4917fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2173700.336c: 00007ff6f4918000-00007ff6f4918fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2183700.336c: 00007ff6f4919000-00007ff6f491afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2193700.336c: 00007ff6f491b000-00007ff6f491bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2203700.336c: 00007ff6f491c000-00007ff6f4964fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2213700.336c: 00007ff6f4965000-00007ffc56f6ffff 0x0001/0x0000 0x0000000
2223700.336c: *00007ffc56f70000-00007ffc56f70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2233700.336c: 00007ffc56f71000-00007ffc57075fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2243700.336c: 00007ffc57076000-00007ffc571d7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2253700.336c: 00007ffc571d8000-00007ffc571dbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2263700.336c: 00007ffc571dc000-00007ffc571dcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2273700.336c: 00007ffc571dd000-00007ffc57212fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2283700.336c: 00007ffc57213000-00007ffc5844ffff 0x0001/0x0000 0x0000000
2293700.336c: *00007ffc58450000-00007ffc58450fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2303700.336c: 00007ffc58451000-00007ffc584c5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2313700.336c: 00007ffc584c6000-00007ffc584f7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2323700.336c: 00007ffc584f8000-00007ffc584f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2333700.336c: 00007ffc584f9000-00007ffc584f9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2343700.336c: 00007ffc584fa000-00007ffc58501fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2353700.336c: 00007ffc58502000-00007ffc5991ffff 0x0001/0x0000 0x0000000
2363700.336c: *00007ffc59920000-00007ffc59920fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2373700.336c: 00007ffc59921000-00007ffc59a37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2383700.336c: 00007ffc59a38000-00007ffc59a7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2393700.336c: 00007ffc59a7f000-00007ffc59a7ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2403700.336c: 00007ffc59a80000-00007ffc59a81fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2413700.336c: 00007ffc59a82000-00007ffc59a8afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2423700.336c: 00007ffc59a8b000-00007ffc59b0ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2433700.336c: 00007ffc59b10000-00007ffffffeffff 0x0001/0x0000 0x0000000
2443700.336c: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
2453700.336c: kernelbase.dll: timestamp 0x7083db20 (rc=VINF_SUCCESS)
2463700.336c: VirtualBoxVM.exe: timestamp 0x5d6e3430 (rc=VINF_SUCCESS)
2473700.336c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2483700.336c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2493700.336c: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
2503700.336c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2513700.336c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2523700.336c: supR3HardNtEnableThreadCreationEx:
2533700.336c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc59991800 pvNtTerminateThread=00007ffc599bcb20
2543700.336c: supR3HardenedWinDoReSpawn(1): New child 3154.1e14 [kernel32].
2553700.336c: supR3HardNtChildGatherData: PebBaseAddress=00000000003e3000 cbPeb=0x388
2563700.336c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc59920000 uNtDllChildAddr=00007ffc59920000
2573700.336c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc59991800
2583700.336c: supR3HardenedWinSetupChildInit: Start child.
2593700.336c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2603700.336c: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps
2613700.336c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2623700.336c: *0000000000000000-00000000001fffff 0x0001/0x0000 0x0000000
2633700.336c: *0000000000200000-00000000003e2fff 0x0000/0x0004 0x0020000
2643700.336c: 00000000003e3000-00000000003e5fff 0x0004/0x0004 0x0020000
2653700.336c: 00000000003e6000-00000000003fffff 0x0000/0x0004 0x0020000
2663700.336c: *0000000000400000-000000000041ffff 0x0004/0x0004 0x0020000
2673700.336c: *0000000000420000-000000000043afff 0x0002/0x0002 0x0040000
2683700.336c: 000000000043b000-000000000043ffff 0x0001/0x0000 0x0000000
2693700.336c: *0000000000440000-000000000053afff 0x0000/0x0004 0x0020000
2703700.336c: 000000000053b000-000000000053dfff 0x0104/0x0004 0x0020000
2713700.336c: 000000000053e000-000000000053ffff 0x0004/0x0004 0x0020000
2723700.336c: *0000000000540000-0000000000543fff 0x0002/0x0002 0x0040000
2733700.336c: 0000000000544000-000000000054ffff 0x0001/0x0000 0x0000000
2743700.336c: *0000000000550000-0000000000551fff 0x0004/0x0004 0x0020000
2753700.336c: 0000000000552000-000000007ffdffff 0x0001/0x0000 0x0000000
2763700.336c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2773700.336c: 000000007ffe1000-00007ff567a1ffff 0x0001/0x0000 0x0000000
2783700.336c: *00007ff567a20000-00007ff567a20fff 0x0002/0x0002 0x0040000
2793700.336c: 00007ff567a21000-00007ff567a2ffff 0x0001/0x0000 0x0000000
2803700.336c: *00007ff567a30000-00007ff567a52fff 0x0002/0x0002 0x0040000
2813700.336c: 00007ff567a53000-00007ff6f484ffff 0x0001/0x0000 0x0000000
2823700.336c: *00007ff6f4850000-00007ff6f4850fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2833700.336c: 00007ff6f4851000-00007ff6f48c5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2843700.336c: 00007ff6f48c6000-00007ff6f48c6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2853700.336c: 00007ff6f48c7000-00007ff6f490efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2863700.336c: 00007ff6f490f000-00007ff6f490ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2873700.336c: 00007ff6f4910000-00007ff6f4910fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2883700.336c: 00007ff6f4911000-00007ff6f4915fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2893700.336c: 00007ff6f4916000-00007ff6f4916fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2903700.336c: 00007ff6f4917000-00007ff6f4917fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2913700.336c: 00007ff6f4918000-00007ff6f491bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2923700.336c: 00007ff6f491c000-00007ff6f4964fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2933700.336c: 00007ff6f4965000-00007ffc5991ffff 0x0001/0x0000 0x0000000
2943700.336c: *00007ffc59920000-00007ffc59920fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2953700.336c: 00007ffc59921000-00007ffc59a37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2963700.336c: 00007ffc59a38000-00007ffc59a7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2973700.336c: 00007ffc59a7f000-00007ffc59a8afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2983700.336c: 00007ffc59a8b000-00007ffc59a99fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2993700.336c: 00007ffc59a9a000-00007ffc59a9afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3003700.336c: 00007ffc59a9b000-00007ffc59a9dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3013700.336c: 00007ffc59a9e000-00007ffc59b0ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3023700.336c: 00007ffc59b10000-00007ffffffeffff 0x0001/0x0000 0x0000000
3033700.336c: supR3HardNtChildPurify: Done after 526 ms and 0 fixes (loop #0).
3043154.1e14: Log file opened: 6.0.12r133076 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
3053154.1e14: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc59920000 g_uNtVerCombined=0xa047ba00
3063154.1e14: ntdll.dll: timestamp 0xf24fc044 (rc=VINF_SUCCESS)
3073154.1e14: New simple heap: #1 0000000000660000 LB 0x400000 (for 2031616 allocation)
3083154.1e14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3093154.1e14: System32: \Device\HarddiskVolume2\Windows\System32
3103154.1e14: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
3113700.336c: supR3HardNtEnableThreadCreationEx:
3123154.1e14: KnownDllPath: C:\WINDOWS\System32
3133154.1e14: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3143154.1e14: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3153154.1e14: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3163154.1e14: Registered Dll notification callback with NTDLL.
3173154.1e14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3183154.1e14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3193154.1e14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3203154.1e14: supR3HardenedDllNotificationCallback: load 00007ffc56f70000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3213154.1e14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3223154.1e14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3233154.1e14: supR3HardenedDllNotificationCallback: load 00007ffc58450000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3243154.1e14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3253154.1e14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58450000 'C:\WINDOWS\System32\KERNEL32.DLL'
3263154.1e14: supR3HardenedDllNotificationCallback: load 00007ff6f4850000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
3273154.1e14: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3283154.1e14: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3293154.1e14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3303154.1e14: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc59991800 pvNtTerminateThread=00007ffc599bcb20
3313700.336c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 81 ms.
3323154.1e14: \SystemRoot\System32\ntdll.dll:
3333154.1e14: CreationTime: 2019-09-11T09:51:12.517287500Z
3343154.1e14: LastWriteTime: 2019-09-11T09:51:12.548538500Z
3353154.1e14: ChangeTime: 2019-09-11T10:31:41.589473100Z
3363154.1e14: FileAttributes: 0x20
3373154.1e14: Size: 0x1e8458
3383154.1e14: NT Headers: 0xd8
3393154.1e14: Timestamp: 0xf24fc044
3403154.1e14: Machine: 0x8664 - amd64
3413154.1e14: Timestamp: 0xf24fc044
3423154.1e14: Image Version: 10.0
3433154.1e14: SizeOfImage: 0x1f0000 (2031616)
3443154.1e14: Resource Dir: 0x17f000 LB 0x6f310
3453154.1e14: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3463154.1e14: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3473154.1e14: ProductName: Microsoft® Windows® Operating System
3483154.1e14: ProductVersion: 10.0.18362.356
3493154.1e14: FileVersion: 10.0.18362.356 (WinBuild.160101.0800)
3503154.1e14: FileDescription: NT Layer DLL
3513154.1e14: \SystemRoot\System32\kernel32.dll:
3523154.1e14: CreationTime: 2019-09-11T09:50:01.902264300Z
3533154.1e14: LastWriteTime: 2019-09-11T09:50:01.917939900Z
3543154.1e14: ChangeTime: 2019-09-11T10:31:38.245801700Z
3553154.1e14: FileAttributes: 0x20
3563154.1e14: Size: 0xb0570
3573154.1e14: NT Headers: 0xe8
3583154.1e14: Timestamp: 0xd0cecc10
3593154.1e14: Machine: 0x8664 - amd64
3603154.1e14: Timestamp: 0xd0cecc10
3613154.1e14: Image Version: 10.0
3623154.1e14: SizeOfImage: 0xb2000 (729088)
3633154.1e14: Resource Dir: 0xb0000 LB 0x520
3643154.1e14: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3653154.1e14: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3663154.1e14: ProductName: Microsoft® Windows® Operating System
3673154.1e14: ProductVersion: 10.0.18362.329
3683154.1e14: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
3693154.1e14: FileDescription: Windows NT BASE API Client DLL
3703154.1e14: \SystemRoot\System32\KernelBase.dll:
3713154.1e14: CreationTime: 2019-09-11T09:51:13.079783400Z
3723154.1e14: LastWriteTime: 2019-09-11T09:51:13.157907200Z
3733154.1e14: ChangeTime: 2019-09-11T10:31:40.902051500Z
3743154.1e14: FileAttributes: 0x20
3753154.1e14: Size: 0x2a2638
3763154.1e14: NT Headers: 0xf0
3773154.1e14: Timestamp: 0x7083db20
3783154.1e14: Machine: 0x8664 - amd64
3793154.1e14: Timestamp: 0x7083db20
3803154.1e14: Image Version: 10.0
3813154.1e14: SizeOfImage: 0x2a3000 (2764800)
3823154.1e14: Resource Dir: 0x27d000 LB 0x548
3833154.1e14: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3843154.1e14: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3853154.1e14: ProductName: Microsoft® Windows® Operating System
3863154.1e14: ProductVersion: 10.0.18362.356
3873154.1e14: FileVersion: 10.0.18362.356 (WinBuild.160101.0800)
3883154.1e14: FileDescription: Windows NT BASE API Client DLL
3893154.1e14: \SystemRoot\System32\apisetschema.dll:
3903154.1e14: CreationTime: 2019-03-19T04:43:54.837151500Z
3913154.1e14: LastWriteTime: 2019-03-19T04:43:54.837151500Z
3923154.1e14: ChangeTime: 2019-09-11T09:53:32.430054800Z
3933154.1e14: FileAttributes: 0x20
3943154.1e14: Size: 0x1d028
3953154.1e14: NT Headers: 0xc8
3963154.1e14: Timestamp: 0xd6ced080
3973154.1e14: Machine: 0x8664 - amd64
3983154.1e14: Timestamp: 0xd6ced080
3993154.1e14: Image Version: 10.0
4003154.1e14: SizeOfImage: 0x1e000 (122880)
4013154.1e14: Resource Dir: 0x1d000 LB 0x408
4023154.1e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4033154.1e14: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4043154.1e14: ProductName: Microsoft® Windows® Operating System
4053154.1e14: ProductVersion: 10.0.18362.1
4063154.1e14: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
4073154.1e14: FileDescription: ApiSet Schema DLL
4083154.1e14: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4093154.1e14: supR3HardenedWinFindAdversaries: 0x40
4103154.1e14: \SystemRoot\System32\drivers\klflt.sys:
4113154.1e14: CreationTime: 2018-07-09T10:08:29.489972000Z
4123154.1e14: LastWriteTime: 2019-05-18T02:57:02.000000000Z
4133154.1e14: ChangeTime: 2019-08-27T12:05:27.482138700Z
4143154.1e14: FileAttributes: 0x20
4153154.1e14: Size: 0x3f478
4163154.1e14: NT Headers: 0xf8
4173154.1e14: Timestamp: 0x5cde4686
4183154.1e14: Machine: 0x8664 - amd64
4193154.1e14: Timestamp: 0x5cde4686
4203154.1e14: Image Version: 6.1
4213154.1e14: SizeOfImage: 0x4d000 (315392)
4223154.1e14: Resource Dir: 0x4a000 LB 0x420
4233154.1e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4243154.1e14: [Raw version resource data: 0x4a060 LB 0x3c0, codepage 0x0 (reserved 0x0)]
4253154.1e14: ProductName: System Interceptors PDK
4263154.1e14: ProductVersion: 17.0.126.0
4273154.1e14: FileVersion: 17.0.126.0
4283154.1e14: FileDescription: Filter Core [fre_win7_x64]
4293154.1e14: \SystemRoot\System32\drivers\klif.sys:
4303154.1e14: CreationTime: 2018-07-09T10:08:29.489972000Z
4313154.1e14: LastWriteTime: 2019-05-18T02:57:02.000000000Z
4323154.1e14: ChangeTime: 2019-08-27T12:05:27.449914000Z
4333154.1e14: FileAttributes: 0x20
4343154.1e14: Size: 0x101878
4353154.1e14: NT Headers: 0x110
4363154.1e14: Timestamp: 0x5cde468c
4373154.1e14: Machine: 0x8664 - amd64
4383154.1e14: Timestamp: 0x5cde468c
4393154.1e14: Image Version: 6.1
4403154.1e14: SizeOfImage: 0x103000 (1060864)
4413154.1e14: Resource Dir: 0xf9000 LB 0x3400
4423154.1e14: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
4433154.1e14: [Raw version resource data: 0xf9378 LB 0x3d8, codepage 0x0 (reserved 0x0)]
4443154.1e14: ProductName: System Interceptors PDK
4453154.1e14: ProductVersion: 17.0.126.0
4463154.1e14: FileVersion: 17.0.126.0
4473154.1e14: FileDescription: Core System Interceptors [fre_win7_x64]
4483154.1e14: \SystemRoot\System32\drivers\klim6.sys:
4493154.1e14: CreationTime: 2019-02-13T12:12:53.473104300Z
4503154.1e14: LastWriteTime: 2019-01-28T01:49:40.000000000Z
4513154.1e14: ChangeTime: 2019-08-27T12:05:29.020781300Z
4523154.1e14: FileAttributes: 0x20
4533154.1e14: Size: 0xe750
4543154.1e14: NT Headers: 0xf8
4553154.1e14: Timestamp: 0x5c4b1141
4563154.1e14: Machine: 0x8664 - amd64
4573154.1e14: Timestamp: 0x5c4b1141
4583154.1e14: Image Version: 6.1
4593154.1e14: SizeOfImage: 0xb000 (45056)
4603154.1e14: Resource Dir: 0x9000 LB 0x438
4613154.1e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4623154.1e14: [Raw version resource data: 0x9060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
4633154.1e14: ProductName: System Interceptors PDK
4643154.1e14: ProductVersion: 17.0.103.0
4653154.1e14: FileVersion: 17.0.103.0
4663154.1e14: FileDescription: Packet Network Filter [fre_win7_x64]
4673154.1e14: \SystemRoot\System32\drivers\kneps.sys:
4683154.1e14: CreationTime: 2018-07-09T10:08:29.536844400Z
4693154.1e14: LastWriteTime: 2019-04-29T05:50:14.000000000Z
4703154.1e14: ChangeTime: 2019-08-27T12:05:28.807908100Z
4713154.1e14: FileAttributes: 0x20
4723154.1e14: Size: 0x3a150
4733154.1e14: NT Headers: 0xf8
4743154.1e14: Timestamp: 0x5cc1c45c
4753154.1e14: Machine: 0x8664 - amd64
4763154.1e14: Timestamp: 0x5cc1c45c
4773154.1e14: Image Version: 6.1
4783154.1e14: SizeOfImage: 0x3a000 (237568)
4793154.1e14: Resource Dir: 0x37000 LB 0x430
4803154.1e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4813154.1e14: [Raw version resource data: 0x37060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
4823154.1e14: ProductName: System Interceptors PDK
4833154.1e14: ProductVersion: 17.0.110.0
4843154.1e14: FileVersion: 17.0.110.0
4853154.1e14: FileDescription: Network Processor [fre_win7_x64]
4863154.1e14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4873154.1e14: Calling main()
4883154.1e14: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
4893154.1e14: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4903154.1e14: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4913154.1e14: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4923154.1e14: SUPR3HardenedMain: Respawn #2
4933154.1e14: supR3HardNtEnableThreadCreationEx:
4943154.1e14: supR3HardenedDllNotificationCallback: load 00007ffc58510000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
4953154.1e14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4963154.1e14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4973154.1e14: supR3HardenedDllNotificationCallback: load 00007ffc58630000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
4983154.1e14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
4993154.1e14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
5003154.1e14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
5013154.1e14: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
5023154.1e14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
5033154.1e14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5043154.1e14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5053154.1e14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5063154.1e14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5073154.1e14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5083154.1e14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc59920000 'C:\WINDOWS\System32\ntdll.dll'
5093154.1e14: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc59991800 pvNtTerminateThread=00007ffc599bcb20
5103154.1e14: supR3HardenedWinDoReSpawn(2): New child 3f54.2818 [kernel32].
5113154.1e14: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
5123154.1e14: supR3HardNtChildGatherData: PebBaseAddress=0000000000d6a000 cbPeb=0x388
5133154.1e14: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc59920000 uNtDllChildAddr=00007ffc59920000
5143154.1e14: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc59991800
5153154.1e14: supR3HardenedWinSetupChildInit: Start child.
5163154.1e14: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
5173154.1e14: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 59 sleeps
5183154.1e14: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5193154.1e14: *0000000000000000-0000000000a4ffff 0x0001/0x0000 0x0000000
5203154.1e14: *0000000000a50000-0000000000a6ffff 0x0004/0x0004 0x0020000
5213154.1e14: *0000000000a70000-0000000000a8afff 0x0002/0x0002 0x0040000
5223154.1e14: 0000000000a8b000-0000000000a8ffff 0x0001/0x0000 0x0000000
5233154.1e14: *0000000000a90000-0000000000b8afff 0x0000/0x0004 0x0020000
5243154.1e14: 0000000000b8b000-0000000000b8dfff 0x0104/0x0004 0x0020000
5253154.1e14: 0000000000b8e000-0000000000b8ffff 0x0004/0x0004 0x0020000
5263154.1e14: *0000000000b90000-0000000000b93fff 0x0002/0x0002 0x0040000
5273154.1e14: 0000000000b94000-0000000000b9ffff 0x0001/0x0000 0x0000000
5283154.1e14: *0000000000ba0000-0000000000ba1fff 0x0004/0x0004 0x0020000
5293154.1e14: 0000000000ba2000-0000000000bfffff 0x0001/0x0000 0x0000000
5303154.1e14: *0000000000c00000-0000000000d69fff 0x0000/0x0004 0x0020000
5313154.1e14: 0000000000d6a000-0000000000d6cfff 0x0004/0x0004 0x0020000
5323154.1e14: 0000000000d6d000-0000000000dfffff 0x0000/0x0004 0x0020000
5333154.1e14: 0000000000e00000-000000007ffdffff 0x0001/0x0000 0x0000000
5343154.1e14: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
5353154.1e14: 000000007ffe1000-00007ff5d4b5ffff 0x0001/0x0000 0x0000000
5363154.1e14: *00007ff5d4b60000-00007ff5d4b60fff 0x0002/0x0002 0x0040000
5373154.1e14: 00007ff5d4b61000-00007ff5d4b6ffff 0x0001/0x0000 0x0000000
5383154.1e14: *00007ff5d4b70000-00007ff5d4b92fff 0x0002/0x0002 0x0040000
5393154.1e14: 00007ff5d4b93000-00007ff6f484ffff 0x0001/0x0000 0x0000000
5403154.1e14: *00007ff6f4850000-00007ff6f4850fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5413154.1e14: 00007ff6f4851000-00007ff6f48c5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5423154.1e14: 00007ff6f48c6000-00007ff6f48c6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5433154.1e14: 00007ff6f48c7000-00007ff6f490efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5443154.1e14: 00007ff6f490f000-00007ff6f490ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5453154.1e14: 00007ff6f4910000-00007ff6f4910fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5463154.1e14: 00007ff6f4911000-00007ff6f4915fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5473154.1e14: 00007ff6f4916000-00007ff6f4916fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5483154.1e14: 00007ff6f4917000-00007ff6f4917fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5493154.1e14: 00007ff6f4918000-00007ff6f491bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5503154.1e14: 00007ff6f491c000-00007ff6f4964fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5513154.1e14: 00007ff6f4965000-00007ffc5991ffff 0x0001/0x0000 0x0000000
5523154.1e14: *00007ffc59920000-00007ffc59920fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5533154.1e14: 00007ffc59921000-00007ffc59a37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5543154.1e14: 00007ffc59a38000-00007ffc59a7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5553154.1e14: 00007ffc59a7f000-00007ffc59a8afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5563154.1e14: 00007ffc59a8b000-00007ffc59a99fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5573154.1e14: 00007ffc59a9a000-00007ffc59a9afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5583154.1e14: 00007ffc59a9b000-00007ffc59a9dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5593154.1e14: 00007ffc59a9e000-00007ffc59b0ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5603154.1e14: 00007ffc59b10000-00007ffffffeffff 0x0001/0x0000 0x0000000
5613154.1e14: VirtualBoxVM.exe: timestamp 0x5d6e3430 (rc=VINF_SUCCESS)
5623154.1e14: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5633154.1e14: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
5643154.1e14: supR3HardNtChildPurify: Done after 550 ms and 0 fixes (loop #0).
5653f54.2818: Log file opened: 6.0.12r133076 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
5663f54.2818: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc59920000 g_uNtVerCombined=0xa047ba00
5673f54.2818: ntdll.dll: timestamp 0xf24fc044 (rc=VINF_SUCCESS)
5683f54.2818: New simple heap: #1 0000000000f00000 LB 0x400000 (for 2031616 allocation)
5693154.1e14: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000660000 LB 0x400000)
5703154.1e14: supR3HardNtEnableThreadCreationEx:
5713f54.2818: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5723f54.2818: System32: \Device\HarddiskVolume2\Windows\System32
5733f54.2818: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
5743f54.2818: KnownDllPath: C:\WINDOWS\System32
5753f54.2818: supR3HardenedVmProcessInit: Opening vboxdrv...
5763f54.2818: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5773f54.2818: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5783f54.2818: Registered Dll notification callback with NTDLL.
5793f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
5803f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
5813f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
5823f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56f70000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
5833f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
5843f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
5853f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc58450000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
5863f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5873f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58450000 'C:\WINDOWS\System32\KERNEL32.DLL'
5883f54.2818: supR3HardenedDllNotificationCallback: load 00007ff6f4850000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
5893f54.2818: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5903f54.2818: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5913f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5923f54.2818: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc59991800 pvNtTerminateThread=00007ffc599bcb20
5933154.1e14: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 95 ms.
5943f54.2818: \SystemRoot\System32\ntdll.dll:
5953f54.2818: CreationTime: 2019-09-11T09:51:12.517287500Z
5963f54.2818: LastWriteTime: 2019-09-11T09:51:12.548538500Z
5973f54.2818: ChangeTime: 2019-09-11T10:31:41.589473100Z
5983f54.2818: FileAttributes: 0x20
5993f54.2818: Size: 0x1e8458
6003f54.2818: NT Headers: 0xd8
6013f54.2818: Timestamp: 0xf24fc044
6023f54.2818: Machine: 0x8664 - amd64
6033f54.2818: Timestamp: 0xf24fc044
6043f54.2818: Image Version: 10.0
6053f54.2818: SizeOfImage: 0x1f0000 (2031616)
6063f54.2818: Resource Dir: 0x17f000 LB 0x6f310
6073f54.2818: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6083f54.2818: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
6093f54.2818: ProductName: Microsoft® Windows® Operating System
6103f54.2818: ProductVersion: 10.0.18362.356
6113f54.2818: FileVersion: 10.0.18362.356 (WinBuild.160101.0800)
6123f54.2818: FileDescription: NT Layer DLL
6133f54.2818: \SystemRoot\System32\kernel32.dll:
6143f54.2818: CreationTime: 2019-09-11T09:50:01.902264300Z
6153f54.2818: LastWriteTime: 2019-09-11T09:50:01.917939900Z
6163f54.2818: ChangeTime: 2019-09-11T10:31:38.245801700Z
6173f54.2818: FileAttributes: 0x20
6183f54.2818: Size: 0xb0570
6193f54.2818: NT Headers: 0xe8
6203f54.2818: Timestamp: 0xd0cecc10
6213f54.2818: Machine: 0x8664 - amd64
6223f54.2818: Timestamp: 0xd0cecc10
6233f54.2818: Image Version: 10.0
6243f54.2818: SizeOfImage: 0xb2000 (729088)
6253f54.2818: Resource Dir: 0xb0000 LB 0x520
6263f54.2818: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6273f54.2818: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
6283f54.2818: ProductName: Microsoft® Windows® Operating System
6293f54.2818: ProductVersion: 10.0.18362.329
6303f54.2818: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
6313f54.2818: FileDescription: Windows NT BASE API Client DLL
6323f54.2818: \SystemRoot\System32\KernelBase.dll:
6333f54.2818: CreationTime: 2019-09-11T09:51:13.079783400Z
6343f54.2818: LastWriteTime: 2019-09-11T09:51:13.157907200Z
6353f54.2818: ChangeTime: 2019-09-11T10:31:40.902051500Z
6363f54.2818: FileAttributes: 0x20
6373f54.2818: Size: 0x2a2638
6383f54.2818: NT Headers: 0xf0
6393f54.2818: Timestamp: 0x7083db20
6403f54.2818: Machine: 0x8664 - amd64
6413f54.2818: Timestamp: 0x7083db20
6423f54.2818: Image Version: 10.0
6433f54.2818: SizeOfImage: 0x2a3000 (2764800)
6443f54.2818: Resource Dir: 0x27d000 LB 0x548
6453f54.2818: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6463f54.2818: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
6473f54.2818: ProductName: Microsoft® Windows® Operating System
6483f54.2818: ProductVersion: 10.0.18362.356
6493f54.2818: FileVersion: 10.0.18362.356 (WinBuild.160101.0800)
6503f54.2818: FileDescription: Windows NT BASE API Client DLL
6513f54.2818: \SystemRoot\System32\apisetschema.dll:
6523f54.2818: CreationTime: 2019-03-19T04:43:54.837151500Z
6533f54.2818: LastWriteTime: 2019-03-19T04:43:54.837151500Z
6543f54.2818: ChangeTime: 2019-09-11T09:53:32.430054800Z
6553f54.2818: FileAttributes: 0x20
6563f54.2818: Size: 0x1d028
6573f54.2818: NT Headers: 0xc8
6583f54.2818: Timestamp: 0xd6ced080
6593f54.2818: Machine: 0x8664 - amd64
6603f54.2818: Timestamp: 0xd6ced080
6613f54.2818: Image Version: 10.0
6623f54.2818: SizeOfImage: 0x1e000 (122880)
6633f54.2818: Resource Dir: 0x1d000 LB 0x408
6643f54.2818: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6653f54.2818: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
6663f54.2818: ProductName: Microsoft® Windows® Operating System
6673f54.2818: ProductVersion: 10.0.18362.1
6683f54.2818: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
6693f54.2818: FileDescription: ApiSet Schema DLL
6703f54.2818: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6713f54.2818: supR3HardenedWinFindAdversaries: 0x40
6723f54.2818: \SystemRoot\System32\drivers\klflt.sys:
6733f54.2818: CreationTime: 2018-07-09T10:08:29.489972000Z
6743f54.2818: LastWriteTime: 2019-05-18T02:57:02.000000000Z
6753f54.2818: ChangeTime: 2019-08-27T12:05:27.482138700Z
6763f54.2818: FileAttributes: 0x20
6773f54.2818: Size: 0x3f478
6783f54.2818: NT Headers: 0xf8
6793f54.2818: Timestamp: 0x5cde4686
6803f54.2818: Machine: 0x8664 - amd64
6813f54.2818: Timestamp: 0x5cde4686
6823f54.2818: Image Version: 6.1
6833f54.2818: SizeOfImage: 0x4d000 (315392)
6843f54.2818: Resource Dir: 0x4a000 LB 0x420
6853f54.2818: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6863f54.2818: [Raw version resource data: 0x4a060 LB 0x3c0, codepage 0x0 (reserved 0x0)]
6873f54.2818: ProductName: System Interceptors PDK
6883f54.2818: ProductVersion: 17.0.126.0
6893f54.2818: FileVersion: 17.0.126.0
6903f54.2818: FileDescription: Filter Core [fre_win7_x64]
6913f54.2818: \SystemRoot\System32\drivers\klif.sys:
6923f54.2818: CreationTime: 2018-07-09T10:08:29.489972000Z
6933f54.2818: LastWriteTime: 2019-05-18T02:57:02.000000000Z
6943f54.2818: ChangeTime: 2019-08-27T12:05:27.449914000Z
6953f54.2818: FileAttributes: 0x20
6963f54.2818: Size: 0x101878
6973f54.2818: NT Headers: 0x110
6983f54.2818: Timestamp: 0x5cde468c
6993f54.2818: Machine: 0x8664 - amd64
7003f54.2818: Timestamp: 0x5cde468c
7013f54.2818: Image Version: 6.1
7023f54.2818: SizeOfImage: 0x103000 (1060864)
7033f54.2818: Resource Dir: 0xf9000 LB 0x3400
7043f54.2818: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
7053f54.2818: [Raw version resource data: 0xf9378 LB 0x3d8, codepage 0x0 (reserved 0x0)]
7063f54.2818: ProductName: System Interceptors PDK
7073f54.2818: ProductVersion: 17.0.126.0
7083f54.2818: FileVersion: 17.0.126.0
7093f54.2818: FileDescription: Core System Interceptors [fre_win7_x64]
7103f54.2818: \SystemRoot\System32\drivers\klim6.sys:
7113f54.2818: CreationTime: 2019-02-13T12:12:53.473104300Z
7123f54.2818: LastWriteTime: 2019-01-28T01:49:40.000000000Z
7133f54.2818: ChangeTime: 2019-08-27T12:05:29.020781300Z
7143f54.2818: FileAttributes: 0x20
7153f54.2818: Size: 0xe750
7163f54.2818: NT Headers: 0xf8
7173f54.2818: Timestamp: 0x5c4b1141
7183f54.2818: Machine: 0x8664 - amd64
7193f54.2818: Timestamp: 0x5c4b1141
7203f54.2818: Image Version: 6.1
7213f54.2818: SizeOfImage: 0xb000 (45056)
7223f54.2818: Resource Dir: 0x9000 LB 0x438
7233f54.2818: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7243f54.2818: [Raw version resource data: 0x9060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
7253f54.2818: ProductName: System Interceptors PDK
7263f54.2818: ProductVersion: 17.0.103.0
7273f54.2818: FileVersion: 17.0.103.0
7283f54.2818: FileDescription: Packet Network Filter [fre_win7_x64]
7293f54.2818: \SystemRoot\System32\drivers\kneps.sys:
7303f54.2818: CreationTime: 2018-07-09T10:08:29.536844400Z
7313f54.2818: LastWriteTime: 2019-04-29T05:50:14.000000000Z
7323f54.2818: ChangeTime: 2019-08-27T12:05:28.807908100Z
7333f54.2818: FileAttributes: 0x20
7343f54.2818: Size: 0x3a150
7353f54.2818: NT Headers: 0xf8
7363f54.2818: Timestamp: 0x5cc1c45c
7373f54.2818: Machine: 0x8664 - amd64
7383f54.2818: Timestamp: 0x5cc1c45c
7393f54.2818: Image Version: 6.1
7403f54.2818: SizeOfImage: 0x3a000 (237568)
7413f54.2818: Resource Dir: 0x37000 LB 0x430
7423f54.2818: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7433f54.2818: [Raw version resource data: 0x37060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
7443f54.2818: ProductName: System Interceptors PDK
7453f54.2818: ProductVersion: 17.0.110.0
7463f54.2818: FileVersion: 17.0.110.0
7473f54.2818: FileDescription: Network Processor [fre_win7_x64]
7483f54.2818: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7493f54.2818: Calling main()
7503f54.2818: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
7513f54.2818: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7523f54.2818: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
7533f54.2818: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
7543f54.2818: SUPR3HardenedMain: Final process, opening VBoxDrv...
7553f54.2818: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f00000 LB 0x400000)
7563f54.2818: supR3HardNtEnableThreadCreationEx:
7573f54.2818: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
7583f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
7593f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7603f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7613f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc4bcd0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
7623f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7633f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7643f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7653f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4bcd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7663f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7673f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7683f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4bcd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7693f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4bcd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7703f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7713f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
7723f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
7733f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
7743f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
7753f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
7763f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7773f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7783f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
7793f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
7803f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7813f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7823f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
7833f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
7843f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7853f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7863f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7873f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
7883f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
7893f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7903f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7913f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
7923f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
7933f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7943f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7953f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7963f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7973f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc57c50000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
7983f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7993f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56860000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
8003f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8013f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56d50000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
8023f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
8033f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
8043f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56c00000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
8053f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8063f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc58510000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
8073f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8083f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56a00000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
8093f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8103f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
8113f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8123f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-synch-l1-2-0'
8133f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
8143f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8153f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-fibers-l1-1-1'
8163f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
8173f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8183f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-fibers-l1-1-1'
8193f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
8203f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8213f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-synch-l1-2-0'
8223f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
8233f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8243f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-localization-l1-2-1'
8253f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56a00000 'C:\WINDOWS\system32\Wintrust.dll'
8263f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
8273f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
8283f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8293f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56f40000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
8303f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8313f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f40000 'C:\WINDOWS\system32\bcrypt.dll'
8323f54.2818: bcrypt.dll loaded at 00007ffc56f40000, BCryptOpenAlgorithmProvider at 00007ffc56f44c70, preloading providers:
8333f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
8343f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
8353f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8363f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc568a0000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
8373f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8383f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc568a0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
8393f54.2818: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000014c96f0)
8403f54.2818: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000014cefe0)
8413f54.2818: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000014cf2e0)
8423f54.2818: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000014cf5e0)
8433f54.2818: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000014cf8e0)
8443f54.2818: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000014cfbe0)
8453f54.2818: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000014cfee0)
8463f54.2818: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000014d01e0)
8473f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56880000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
8483f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
8493f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
8503f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
8513f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
8523f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
8533f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8543f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8553f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8563f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8573f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8583f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc55b40000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
8593f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8603f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
8613f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
8623f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
8633f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
8643f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56200000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
8653f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
8663f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
8673f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
8683f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
8693f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8703f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8713f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58450000 'C:\WINDOWS\System32\kernel32.dll'
8723f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8733f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8743f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56a00000 'C:\WINDOWS\System32\WINTRUST.DLL'
8753f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8763f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8773f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\CRYPT32.dll'
8783f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc587c0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
8793f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
8803f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
8813f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
8823f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8833f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8843f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8853f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8863f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8873f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
8883f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc58630000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
8893f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
8903f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
8913f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
8923f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8933f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
8943f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
8953f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
8963f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc553e0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
8973f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
8983f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc567d0000 LB 0x0001f000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
8993f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
9003f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
9013f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9023f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
9033f54.2818: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
9043f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
9053f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9063f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9073f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9083f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9093f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9103f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9113f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9123f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9133f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9143f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9153f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9163f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9173f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9183f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9193f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9203f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9213f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9223f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc48ea0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
9233f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9243f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9253f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9263f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\WINDOWS\System32\cryptnet.dll'
9273f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9283f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9293f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\WINDOWS\System32\cryptnet.dll'
9303f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9313f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9323f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\WINDOWS\System32\cryptnet.dll'
9333f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9343f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9353f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\WINDOWS\System32\cryptnet.dll'
9363f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9373f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9383f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\WINDOWS\System32\cryptnet.dll'
9393f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9403f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9413f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\WINDOWS\System32\cryptnet.dll'
9423f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9433f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\WINDOWS\System32\cryptnet.dll'
9443f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9453f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\WINDOWS\System32\cryptnet.dll'
9463f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9473f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\WINDOWS\System32\cryptnet.dll'
9483f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9493f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\WINDOWS\System32\cryptnet.dll'
9503f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9513f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\WINDOWS\System32\cryptnet.dll'
9523f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\WINDOWS\System32\cryptnet.dll'
9533f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9543f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc48ea0000 'C:\Windows\System32\cryptnet.dll'
9553f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc58b20000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
9563f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9573f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
9583f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
9593f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
9603f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
9613f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9623f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9633f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9643f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9653f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
9663f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
9673f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
9683f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9693f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9703f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9713f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9723f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
9733f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9743f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9753f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
9763f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
9773f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000014f15f0
9783f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
9793f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FF0E0DB0F3B25F10A57DF1ED1D340BCBE29B8F90
9803f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9813f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9823f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58510000 'C:\WINDOWS\System32\rpcrt4.dll'
9833f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9843f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9853f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
9863f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9873f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9883f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
9893f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\SystemRoot\System32\ntdll.dll'
9903f54.2818: g_pfnWinVerifyTrust=00007ffc56a061f0
9913f54.2818: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
9923f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9933f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9943f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
9953f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9963f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9973f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
9983f54.2818: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
9993f54.2818: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
10003f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10013f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10023f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10033f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
10043f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10053f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10063f54.2818: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
10073f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10083f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10093f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10103f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10113f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
10123f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
10133f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
10143f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
10153f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
10163f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10173f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10183f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10193f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
10203f54.2818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10213f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
10223f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10233f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10243f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10253f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
10263f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10273f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10283f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10293f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
10303f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10313f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10323f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10333f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
10343f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10353f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10363f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10373f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
10383f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10393f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10403f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10413f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
10423f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10433f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10443f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
10453f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10463f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10473f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
10483f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
10493f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10503f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10513f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10523f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
10533f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10543f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10553f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
10563f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10573f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10583f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
10593f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10603f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10613f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
10623f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10633f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10643f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
10653f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10663f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10673f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
10683f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10693f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10703f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
10713f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10723f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
10733f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10743f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
10753f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10763f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10773f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
10783f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
10793f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
10803f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
10813f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\system32\crypt32.dll'
10823f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x4ca2da6340fc6648 CN=USB\VID_2931&PID_0A05&MI_01 (libwdi autogenerated)
10833f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
10843f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xd2d927fe6f2fc000 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus personal root certificate
10853f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
10863f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x3e52047374f01134 CN=USB\VID_2931&PID_0A05&MI_04 (libwdi autogenerated)
10873f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
10883f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x8257f616c904770 CN=USB\VID_2931&PID_0A05&MI_03 (libwdi autogenerated)
10893f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x689b4e95f1bcbc00 C=US, ST=CA, OU=ManageEngine, O=Zoho Corporation, CN=ManageEngineCA, CN=ManageEngineCA-DS, OU=ManageEngine-DS
10903f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
10913f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xe0e92d32948de700 O=AO Kaspersky Lab, CN=Kaspersky Endpoint Security Personal Root Certificate
10923f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
10933f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
10943f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x6616c6479bcc1dcc CN=USB\VID_2931&PID_0A05&MI_02 (libwdi autogenerated)
10953f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x366fce8fc609100 C=US, ST=CA, OU=ManageEngine, O=Zoho Corporation, CN=ManageEngineCA
10963f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
10973f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
10983f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xc33cd4179d96ba00 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus personal root certificate
10993f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
11003f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
11013f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
11023f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
11033f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x7e9b1264bfa6c100 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus personal root certificate
11043f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
11053f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
11063f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
11073f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
11083f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11093f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
11103f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
11113f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
11123f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xfb700f54a232be00 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3
11133f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
11143f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
11153f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
11163f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
11173f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
11183f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
11193f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
11203f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11213f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
11223f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
11233f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
11243f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
11253f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
11263f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
11273f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x2fba703484f19900 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
11283f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
11293f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
11303f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
11313f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
11323f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
11333f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
11343f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
11353f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
11363f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
11373f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x185da5e55536b700 C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
11383f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
11393f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
11403f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
11413f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
11423f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
11433f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2262f09375bd00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
11443f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
11453f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
11463f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
11473f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
11483f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
11493f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
11503f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
11513f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
11523f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
11533f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
11543f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
11553f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
11563f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
11573f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
11583f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
11593f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
11603f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x6d4bbe735e24c400 C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány
11613f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
11623f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
11633f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
11643f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
11653f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x76d028973436b500 Email=nkz@dfs.de, CN=dd-zfpls.prod.bk.dfs, OU=SIS, O=DFS Deutsche Flugsicherung GmbH, C=DE, ST=Hessen, L=Langen
11663f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xe9fa57dad639a800 Email=nkz@dfs.de, CN=dd-zfpls.prod.bk.dfs, OU=SIS, O=DFS Deutsche Flugsicherung GmbH, C=DE, ST=Hessen, L=Langen
11673f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x7e0b236c64a0b100 Email=nkz@dfs.de, CN=uu-zfpls.prod.bk.dfs, OU=SIS, O=DFS Deutsche Flugsicherung GmbH, C=DE, ST=Hessen, L=Langen
11683f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xbc6368fd05e19d00 DC=local, DC=ac-b, CN=AC-B CA
11693f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xbc06e14676f0d700 Email=nkz@dfs.de, CN=dd-ams.prod.bk.dfs, OU=SIS, O=DFS Deutsche Flugsicherung GmbH, C=DE, ST=Hessen, L=Langen
11703f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x37d246c3ea0bac00 DC=local, DC=ac-b, CN=ac-b-DC-SRV1-CA
11713f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xe730776d1fd00099 DC=local, DC=ac-b, CN=CA AC-B GmbH
11723f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0xbc6368fd05e19d00 DC=local, DC=ac-b, CN=AC-B CA
11733f54.2818: supR3HardenedWinIsDesiredRootCA: Adding 0x5286fbc59f7da800 DC=local, DC=ac-b, CN=CA AC-B GmbH
11743f54.2818: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=92
11753f54.2818: SUPR3HardenedMain: Load Runtime...
11763f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
11773f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11783f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
11793f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
11803f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
11813f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
11823f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11833f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11843f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11853f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
11863f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
11873f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
11883f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
11893f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
11903f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11913f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11923f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
11933f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11943f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11953f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11963f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11973f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
11983f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
11993f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12003f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
12013f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12023f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12033f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12043f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12053f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12063f54.2818: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12073f54.2818: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
12083f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
12093f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
12103f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
12113f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
12123f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12133f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
12143f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12153f54.2818: supR3HardenedDllNotificationCallback: load 00000000562a0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
12163f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
12173f54.2818: supR3HardenedDllNotificationCallback: load 00000000537f0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
12183f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12193f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc58750000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
12203f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12213f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc25e50000 LB 0x005e0000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
12223f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12233f54.2818: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12243f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12253f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12263f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12273f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12283f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12293f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12303f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12313f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12323f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12333f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12343f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12353f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12363f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12373f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12383f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12393f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12403f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12413f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12423f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12433f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12443f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12453f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12463f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12473f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12483f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12493f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12503f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12513f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12523f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12533f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12543f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12553f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12563f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12573f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12583f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12593f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12603f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12613f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12623f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12633f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12643f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12653f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12663f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12673f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12683f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12693f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12703f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12713f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12723f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12733f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25e50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12743f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
12753f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12763f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56a00000 'C:\WINDOWS\system32\Wintrust.dll'
12773f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
12783f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
12793f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
12803f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12813f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
12823f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
12833f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\system32\crypt32.dll'
12843f54.2818: SUPR3HardenedMain: Load TrustedMain...
12853f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
12863f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
12873f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
12883f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
12893f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
12903f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
12913f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
12923f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
12933f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
12943f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
12953f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
12963f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
12973f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
12983f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
12993f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
13003f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
13013f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13023f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13033f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
13043f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
13053f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
13063f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
13073f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
13083f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
13093f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13103f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13113f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13123f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13133f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
13143f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
13153f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
13163f54.2818: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
13173f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13183f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
13193f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
13203f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13213f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13223f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
13233f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
13243f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
13253f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13263f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
13273f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13283f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
13293f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
13303f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
13313f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
13323f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13333f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13343f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13353f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13363f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13373f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13383f54.2818: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
13393f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
13403f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
13413f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
13423f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
13433f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
13443f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
13453f54.2818: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
13463f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
13473f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
13483f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
13493f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
13503f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
13513f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13523f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13533f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
13543f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
13553f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
13563f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
13573f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
13583f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
13593f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
13603f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
13613f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13623f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13633f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13643f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13653f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
13663f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13673f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13683f54.2818: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
13693f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13703f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
13713f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
13723f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
13733f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13743f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13753f54.2818: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
13763f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
13773f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
13783f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
13793f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13803f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13813f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13823f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13833f54.2818: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
13843f54.2818: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
13853f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
13863f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
13873f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13883f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13893f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13903f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13913f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13923f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
13933f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
13943f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
13953f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13963f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
13973f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust
13983f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
13993f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
14003f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14013f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14023f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14033f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
14043f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
14053f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
14063f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
14073f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
14083f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
14093f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
14103f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
14113f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
14123f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14133f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
14143f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14153f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14163f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14173f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14183f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14193f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14203f54.2818: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
14213f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14223f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
14233f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
14243f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
14253f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
14263f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
14273f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
14283f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
14293f54.2818: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
14303f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14313f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14323f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14333f54.2818: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
14343f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
14353f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14363f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14373f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14383f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
14393f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14403f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14413f54.2818: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
14423f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14433f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
14443f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14453f54.2818: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
14463f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14473f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14483f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14493f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14503f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14513f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14523f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14533f54.2818: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
14543f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14553f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14563f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14573f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14583f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14593f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14603f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14613f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14623f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14633f54.2818: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
14643f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
14653f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
14663f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
14673f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
14683f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14693f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14703f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14713f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14723f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14733f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
14743f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14753f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14763f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14773f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14783f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14793f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14803f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14813f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14823f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14833f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14843f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14853f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14863f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14873f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14883f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14893f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14903f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14913f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14923f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14933f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14943f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14953f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14963f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14973f54.2818: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
14983f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14993f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
15003f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15013f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15023f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
15033f54.2818: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
15043f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
15053f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15063f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15073f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15083f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15093f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15103f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15113f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15123f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15133f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15143f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
15153f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
15163f54.2818: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
15173f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
15183f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
15193f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15203f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15213f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15223f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15233f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15243f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15253f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15263f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15273f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15283f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15293f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15303f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
15313f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15323f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15333f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
15343f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
15353f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
15363f54.2818: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
15373f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15383f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
15393f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
15403f54.2818: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
15413f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
15423f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15433f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15443f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15453f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15463f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15473f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
15483f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15493f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15503f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15513f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15523f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15533f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
15543f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15553f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15563f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15573f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15583f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15593f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
15603f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15613f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15623f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
15633f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15643f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15653f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
15663f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15673f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15683f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
15693f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
15703f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15713f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15723f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
15733f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
15743f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
15753f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15763f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15773f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
15783f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15793f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15803f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
15813f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15823f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15833f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15843f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15853f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15863f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15873f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15883f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15893f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
15903f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15913f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15923f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
15933f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15943f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15953f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
15963f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15973f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15983f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
15993f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16003f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16013f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16023f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
16033f54.2818: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
16043f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16053f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16063f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
16073f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
16083f54.2818: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
16093f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16103f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16113f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
16123f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
16133f54.2818: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
16143f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16153f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16163f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16173f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16183f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16193f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
16203f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
16213f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
16223f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
16233f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
16243f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
16253f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
16263f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
16273f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
16283f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
16293f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
16303f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
16313f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
16323f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
16333f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
16343f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16353f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16363f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
16373f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
16383f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
16393f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
16403f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D96AC08A370555DBA383B5B229B9D92AB1322E57
16413f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16423f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16433f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16443f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16453f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16463f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16473f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16483f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16493f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16503f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16513f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16523f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16533f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16543f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
16553f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16563f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16573f54.2818: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
16583f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16593f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16603f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16613f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16623f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16633f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16643f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16653f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16663f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16673f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16683f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
16693f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
16703f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.329.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
16713f54.2818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16723f54.2818: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
16733f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
16743f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16753f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
16763f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
16773f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16783f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16793f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16803f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16813f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16823f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16833f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16843f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
16853f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16863f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
16873f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DXCore.dll)
16883f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DXCore.dll
16893f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56920000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
16903f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
16913f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56ea0000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
16923f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
16933f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56a60000 LB 0x00194000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
16943f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16953f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
16963f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
16973f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
16983f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
16993f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
17003f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc59540000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
17013f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
17023f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc581d0000 LB 0x00193000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
17033f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [avoiding WinVerifyTrust]
17043f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc59570000 LB 0x00336000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
17053f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
17063f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56e50000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
17073f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
17083f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17093f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc55460000 LB 0x00020000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
17103f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
17113f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc4bf80000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
17123f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
17133f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc23360000 LB 0x00156000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
17143f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17153f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc58be0000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
17163f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17173f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
17183f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
17193f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
17203f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
17213f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc567c0000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0]
17223f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\umpdc.dll)
17233f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\umpdc.dll
17243f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc56810000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
17253f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
17263f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
17273f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
17283f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
17293f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc58ac0000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
17303f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17313f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
17323f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
17333f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
17343f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
17353f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc567f0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
17363f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
17373f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
17383f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
17393f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
17403f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc57220000 LB 0x0077e000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
17413f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
17423f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
17433f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
17443f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
17453f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
17463f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
17473f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc58df0000 LB 0x006e5000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
17483f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
17493f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc58c90000 LB 0x00156000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
17503f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17513f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc347d0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
17523f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
17533f54.2818: supR3HardenedDllNotificationCallback: load 0000000053e00000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
17543f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17553f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc234c0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
17563f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17573f54.2818: supR3HardenedDllNotificationCallback: load 0000000053890000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
17583f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
17593f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc58370000 LB 0x000c4000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
17603f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17613f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc23ac0000 LB 0x02387000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
17623f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
17633f54.2818: supR3HardenedDllNotificationCallback: load 0000000056240000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
17643f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
17653f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc548c0000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
17663f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
17673f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc548f0000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
17683f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17693f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc22280000 LB 0x00188000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
17703f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
17713f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
17723f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
17733f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
17743f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
17753f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
17763f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
17773f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
17783f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
17793f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
17803f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
17813f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
17823f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
17833f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
17843f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
17853f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
17863f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
17873f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
17883f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
17893f54.2818: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
17903f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
17913f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
17923f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
17933f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
17943f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
17953f54.2818: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17963f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17973f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
17983f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
17993f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
18003f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
18013f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
18023f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
18033f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
18043f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
18053f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
18063f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
18073f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
18083f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
18093f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
18103f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
18113f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
18123f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
18133f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18143f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18153f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18163f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18173f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
18183f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
18193f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
18203f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18213f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18223f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
18233f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
18243f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
18253f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18263f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18273f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18283f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18293f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18303f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18313f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
18323f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
18333f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
18343f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18353f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18363f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18373f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
18383f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
18393f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18403f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18413f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
18423f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
18433f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\umpdc.dll [redoing WinVerifyTrust]
18443f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
18453f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\umpdc.dll
18463f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18473f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18483f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18493f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18503f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
18513f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
18523f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
18533f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18543f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18553f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
18563f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18573f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18583f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18593f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18603f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
18613f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
18623f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
18633f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18643f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18653f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
18663f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
18673f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
18683f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18693f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18703f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18713f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
18723f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
18733f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18743f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18753f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
18763f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
18773f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
18783f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18793f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18803f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
18813f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
18823f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
18833f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18843f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18853f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
18863f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
18873f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
18883f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18893f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58450000 'C:\WINDOWS\System32\kernel32.dll'
18903f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
18913f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18923f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-string-l1-1-0'
18933f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
18943f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18953f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-datetime-l1-1-1'
18963f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
18973f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18983f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-localization-obsolete-l1-2-0'
18993f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
19003f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
19013f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
19023f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
19033f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
19043f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19053f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19063f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
19073f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
19083f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
19093f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19103f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19113f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
19123f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
19133f54.2818: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
19143f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19153f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc57c20000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
19163f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
19173f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc57c20000 'C:\WINDOWS\system32\IMM32.DLL'
19183f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
19193f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
19203f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19213f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19223f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58b20000 'C:\WINDOWS\System32\ADVAPI32.DLL'
19233f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22280000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
19243f54.2818: SUPR3HardenedMain: Calling TrustedMain (00007ffc222816c0)...
19253f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
19263f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
19273f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
19283f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
19293f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
19303f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
19313f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
19323f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
19333f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
19343f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
19353f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
19363f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
19373f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
19383f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
19393f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19403f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19413f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19423f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19433f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19443f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19453f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19463f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19473f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19483f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19493f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19503f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19513f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19523f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [redoing WinVerifyTrust]
19533f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
19543f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
19553f54.2818: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
19563f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19573f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19583f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19593f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
19603f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
19613f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19623f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19633f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19643f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
19653f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
19663f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
19673f54.2818: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
19683f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19693f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19703f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
19713f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
19723f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
19733f54.2818: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
19743f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19753f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19763f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19773f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19783f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19793f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
19803f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
19813f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
19823f54.2818: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
19833f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19843f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
19853f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc23230000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
19863f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
19873f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc23230000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
19883f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000614 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19893f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
19903f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
19913f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71A0B41C2A2D97E6C17677503DBE8A9A21901872
19923f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
19933f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
19943f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
19953f54.2818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19963f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19973f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
19983f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
19993f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
20003f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20013f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20023f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20033f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20043f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20053f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20063f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20073f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20083f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20093f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc54b40000 LB 0x00099000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
20103f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20113f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc54b40000 'C:\WINDOWS\system32\uxtheme.dll'
20123f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc581d0000 'C:\WINDOWS\system32\user32.dll'
20133f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20143f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20153f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58df0000 'C:\WINDOWS\system32\shell32.dll'
20163f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
20173f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
20183f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
20193f54.2818: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
20203f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20213f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58be0000 'C:\WINDOWS\system32\SHCore.dll'
20223f54.2818: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
20233f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
20243f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
20253f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20263f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc548f0000 'C:\WINDOWS\system32\winmm.dll'
20273f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
20283f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20293f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc548f0000 'C:\WINDOWS\system32\winmm.dll'
20303f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20313f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20323f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58df0000 'C:\WINDOWS\system32\shell32.dll'
20333f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20343f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20353f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc54b40000 'C:\WINDOWS\system32\uxtheme.dll'
20363f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
20373f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20383f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58b20000 'C:\WINDOWS\system32\advapi32.dll'
20393f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
20403f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
20413f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
20423f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
20433f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
20443f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
20453f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
20463f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
20473f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
20483f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20493f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20503f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20513f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
20523f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc566b0000 LB 0x00025000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
20533f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
20543f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc566b0000 'C:\WINDOWS\system32\userenv.dll'
20553f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
20563f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20573f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58450000 'C:\WINDOWS\System32\kernel32.dll'
20583f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc587e0000 LB 0x000a2000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
20593f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20603f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
20613f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
20623f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20633f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20643f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20653f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20663f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20673f54.4318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
20683f54.4318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
20693f54.4318: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
20703f54.4318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
20713f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20723f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
20733f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20743f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20753f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
20763f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
20773f54.4318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
20783f54.4318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20793f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20803f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20813f54.4318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20823f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20833f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20843f54.4318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20853f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20863f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20873f54.4318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
20883f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20893f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20903f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20913f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20923f54.4318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
20933f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20943f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20953f54.4318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20963f54.4318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20973f54.4318: supR3HardenedDllNotificationCallback: load 00007ffc22e80000 LB 0x003a4000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
20983f54.4318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20993f54.4318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22e80000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
21003f54.4318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
21013f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21023f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21033f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
21043f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
21053f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
21063f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
21073f54.4318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
21083f54.4318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
21093f54.4318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21103f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21113f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21123f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21133f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21143f54.4318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21153f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21163f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21173f54.4318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21183f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
21193f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
21203f54.4318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
21213f54.4318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
21223f54.4318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
21233f54.4318: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
21243f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21253f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21263f54.4318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
21273f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21283f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21293f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21303f54.4318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21313f54.4318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21323f54.4318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21333f54.4318: supR3HardenedDllNotificationCallback: load 00007ffc2f630000 LB 0x000d5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
21343f54.4318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21353f54.4318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2f630000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
21363f54.4318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21373f54.4318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21383f54.4318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58370000 'C:\Windows\System32\oleaut32.dll'
21393f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc59540000 'C:\WINDOWS\system32\gdi32.dll'
21403f54.2da8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
21413f54.2da8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
21423f54.2da8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
21433f54.2da8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21443f54.2da8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21453f54.2da8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
21463f54.2da8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
21473f54.2da8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21483f54.2da8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21493f54.2da8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21503f54.2da8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21513f54.2da8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21523f54.2da8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
21533f54.2da8: supR3HardenedDllNotificationCallback: load 00007ffc4bcc0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
21543f54.2da8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
21553f54.2da8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4bcc0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
21563f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21573f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21583f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58df0000 'C:\WINDOWS\system32\shell32.dll'
21593f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc58980000 LB 0x00135000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
21603f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21613f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
21623f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
21633f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
21643f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
21653f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
21663f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
21673f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
21683f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
21693f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
21703f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21713f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21723f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21733f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21743f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
21753f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21763f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21773f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21783f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21793f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21803f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
21813f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
21823f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
21833f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000678 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
21843f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
21853f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
21863f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3632E0380EF7C400BBC7C4B0B9ED8D9F9860503B
21873f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
21883f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
21893f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.267.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
21903f54.2818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21913f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21923f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
21933f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
21943f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
21953f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
21963f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
21973f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
21983f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
21993f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
22003f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
22013f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
22023f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
22033f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
22043f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
22053f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
22063f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
22073f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
22083f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
22093f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
22103f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
22113f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22123f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22133f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
22143f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
22153f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
22163f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22173f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'.
22183f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'.
22193f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
22203f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
22213f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22223f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22233f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
22243f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
22253f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22263f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22273f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
22283f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
22293f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
22303f54.2818: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
22313f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22323f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
22333f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
22343f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
22353f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22363f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22373f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22383f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22393f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
22403f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22413f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22423f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
22433f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22443f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
22453f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
22463f54.2818: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
22473f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
22483f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
22493f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
22503f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22513f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22523f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22533f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
22543f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
22553f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
22563f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
22573f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc55580000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
22583f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
22593f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc538a0000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
22603f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
22613f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc53b60000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
22623f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
22633f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc37020000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
22643f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
22653f54.2818: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
22663f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rescheduled]
22673f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc59540000 'C:\WINDOWS\System32\gdi32.dll'
22683f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc37020000 'C:\WINDOWS\system32\dataexchange.dll'
22693f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
22703f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
22713f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
22723f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'.
22733f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
22743f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
22753f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22763f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
22773f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rmclient.dll)
22783f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rmclient.dll
22793f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc55070000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
22803f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
22813f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc54c10000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
22823f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
22833f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22843f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22853f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22863f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22873f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
22883f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
22893f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
22903f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22913f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22923f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
22933f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22943f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22953f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
22963f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume2\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
22973f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
22983f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
22993f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
23003f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rmclient.dll'
23013f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
23023f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
23033f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
23043f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
23053f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23063f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58be0000 'C:\WINDOWS\system32\Shcore.dll'
23073f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23083f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
23093f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
23103f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
23113f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
23123f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
23133f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23143f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
23153f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'.
23163f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
23173f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
23183f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23193f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
23203f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
23213f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
23223f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
23233f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
23243f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
23253f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
23263f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
23273f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
23283f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc55760000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
23293f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
23303f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc53d40000 LB 0x000d4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
23313f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
23323f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc514a0000 LB 0x00153000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
23333f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
23343f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc51730000 LB 0x0032a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
23353f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
23363f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc41a90000 LB 0x0009e000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
23373f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
23383f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
23393f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
23403f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
23413f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23423f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23433f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23443f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23453f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
23463f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23473f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23483f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
23493f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
23503f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
23513f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
23523f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
23533f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
23543f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23553f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23563f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
23573f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
23583f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
23593f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
23603f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
23613f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
23623f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23633f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23643f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23653f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23663f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
23673f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
23683f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
23693f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
23703f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
23713f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
23723f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
23733f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
23743f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
23753f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
23763f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
23773f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
23783f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
23793f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
23803f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
23813f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
23823f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23833f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc581d0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
23843f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
23853f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23863f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc581d0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
23873f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
23883f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23893f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc59570000 'api-ms-win-core-com-l1-1-0.dll'
23903f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23913f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\iertutil.dll)
23923f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\iertutil.dll
23933f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc4ca90000 LB 0x002a6000 C:\WINDOWS\System32\iertutil.dll [fFlags=0x0]
23943f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
23953f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23963f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23973f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
23983f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
23993f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\iertutil.dll'
24003f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24013f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24023f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58c90000 'C:\WINDOWS\system32\ole32.dll'
24033f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
24043f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24053f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58980000 'C:\WINDOWS\System32\MSCTF.dll'
24063f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58c90000 'C:\WINDOWS\System32\ole32.dll'
24073f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24083f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24093f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58370000 'C:\WINDOWS\System32\OLEAUT32.dll'
24103f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bd4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
24113f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
24123f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
24133f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB1AA7E2E4704C908EC9382E1F9E64808B9E5E1D
24143f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
24153f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
24163f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.267.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
24173f54.2818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24183f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24193f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
24203f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
24213f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
24223f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
24233f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
24243f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
24253f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bf0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
24263f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
24273f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
24283f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440
24293f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
24303f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
24313f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.267.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
24323f54.2818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24333f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24343f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
24353f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
24363f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
24373f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
24383f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24393f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24403f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24413f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24423f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24433f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24443f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24453f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24463f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
24473f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
24483f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
24493f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24503f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24513f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24523f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
24533f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
24543f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc4f2d0000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
24553f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
24563f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc4dc20000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
24573f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
24583f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
24593f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24603f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
24613f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4dc20000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
24623f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b4c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24633f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
24643f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
24653f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00C864D7F76A7AD25E7D0DA164B0B66188F5B7FF
24663f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
24673f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
24683f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.267.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
24693f54.2818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24703f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24713f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
24723f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
24733f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24743f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24753f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24763f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24773f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24783f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24793f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24803f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc4dc90000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
24813f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24823f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4dc90000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
24833f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
24843f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24853f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-localization-l1-2-0.dll'
24863f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
24873f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24883f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
24893f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b3c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
24903f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
24913f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
24923f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
24933f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
24943f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
24953f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.267.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
24963f54.2818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24973f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24983f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
24993f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
25003f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
25013f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25023f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25033f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25043f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25053f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25063f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25073f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
25083f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc4d5b0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
25093f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
25103f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4d5b0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
25113f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b68 pwszName=\Device\HarddiskVolume2\Windows\System32\amsi.dll
25123f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
25133f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
25143f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5D4D58A583ACAD5AA76D7DD0F2DB8ADE903942B
25153f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
25163f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
25173f54.2818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.267.cat'; file='\Device\HarddiskVolume2\Windows\System32\amsi.dll'
25183f54.2818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25193f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25203f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
25213f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'.
25223f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\amsi.dll) WinVerifyTrust
25233f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\amsi.dll
25243f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
25253f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
25263f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
25273f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25283f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25293f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25303f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25313f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25323f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
25333f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc4d4a0000 LB 0x00015000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
25343f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
25353f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4d4a0000 'C:\WINDOWS\System32\amsi.dll'
25363f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
25373f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'crypt32.dll'.
25383f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
25393f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25403f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
25413f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
25423f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
25433f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
25443f54.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'userenv.dll'.
25453f54.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\antimalware_provider.dll) WinVerifyTrust
25463f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\antimalware_provider.dll
25473f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
25483f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
25493f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
25503f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25513f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25523f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25533f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25543f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25553f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25563f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25573f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25583f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25593f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25603f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25613f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25623f54.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25633f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
25643f54.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
25653f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\antimalware_provider.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25663f54.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\antimalware_provider.dll
25673f54.2818: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dpapi.dll)
25683f54.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dpapi.dll
25693f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc55b80000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\DPAPI.DLL [fFlags=0x0]
25703f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dpapi.dll [avoiding WinVerifyTrust]
25713f54.2818: supR3HardenedDllNotificationCallback: load 00007ffc4d2b0000 LB 0x001e3000 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\antimalware_provider.dll [fFlags=0x0]
25723f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\antimalware_provider.dll
25733f54.2818: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dpapi.dll'.
25743f54.2818: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dpapi.dll' [rescheduled]
25753f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
25763f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25773f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-synch-l1-2-0'
25783f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
25793f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25803f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-fibers-l1-1-1'
25813f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
25823f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25833f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-synch-l1-2-0'
25843f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
25853f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25863f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-fibers-l1-1-1'
25873f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
25883f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25893f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-localization-l1-2-1'
25903f54.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
25913f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25923f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58450000 'C:\WINDOWS\System32\kernel32.dll'
25933f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
25943f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25953f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-string-l1-1-0'
25963f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
25973f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25983f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-datetime-l1-1-1'
25993f54.2818: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
26003f54.2818: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26013f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56f70000 'api-ms-win-core-localization-obsolete-l1-2-0'
26023f54.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4d2b0000 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\antimalware_provider.dll'
26033f54.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
26043f54.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26053f54.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
26063f54.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26073f54.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
26083f54.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26093f54.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26103f54.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26113f54.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
26123f54.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
26133f54.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
26143f54.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
26153f54.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26163f54.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
26173f54.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
26183f54.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
26193f54.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26203f54.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26213f54.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26223f54.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26233f54.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26243f54.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26253f54.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26263f54.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26273f54.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26283f54.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26293f54.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26303f54.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
26313f54.67c: supR3HardenedDllNotificationCallback: load 00000000532e0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
26323f54.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
26333f54.67c: supR3HardenedDllNotificationCallback: load 00007ffc20990000 LB 0x00331000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
26343f54.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26353f54.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20990000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
26363f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
26373f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000660 pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
26383f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
26393f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
26403f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F5B666FF2CFCD1394E450AF7141F0F82A5730F3
26413f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
26423f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
26433f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26443f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
26453f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04113~31bf3856ad364e35~amd64~~10.0.18362.267.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
26463f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26473f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
26483f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
26493f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
26503f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'.
26513f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'.
26523f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'.
26533f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'.
26543f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
26553f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
26563f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'...
26573f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008]
26583f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cdc pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
26593f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
26603f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
26613f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ED46228C9CD4F76003316896129062BE49E7BBB6
26623f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
26633f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
26643f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
26653f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26663f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll) WinVerifyTrust
26673f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
26683f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
26693f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
26703f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
26713f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
26723f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26733f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
26743f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
26753f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
26763f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
26773f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
26783f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
26793f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
26803f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
26813f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
26823f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
26833f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
26843f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
26853f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
26863f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26873f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26883f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26893f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26903f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
26913f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
26923f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26933f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
26943f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
26953f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
26963f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26973f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26983f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
26993f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27003f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27013f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27023f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27033f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
27043f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
27053f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
27063f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27073f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27083f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27093f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27103f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
27113f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
27123f54.1f10: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
27133f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27143f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
27153f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
27163f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
27173f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc4e050000 LB 0x00025000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
27183f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
27193f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc57d00000 LB 0x00470000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
27203f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27213f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc3f0c0000 LB 0x00013000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0]
27223f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
27233f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc38ef0000 LB 0x00081000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
27243f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
27253f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38ef0000 'C:\Windows\System32\NetSetupShim.dll'
27263f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
27273f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
27283f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27293f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
27303f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
27313f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'.
27323f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
27333f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
27343f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
27353f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
27363f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
27373f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
27383f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
27393f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
27403f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
27413f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
27423f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
27433f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
27443f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
27453f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
27463f54.1f10: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
27473f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
27483f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
27493f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27503f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27513f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
27523f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
27533f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
27543f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27553f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27563f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27573f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27583f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27593f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
27603f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
27613f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc57cf0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
27623f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
27633f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc537f0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
27643f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
27653f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc30ed0000 LB 0x000ce000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
27663f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
27673f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc30ed0000 'C:\Windows\System32\NetSetupEngine.dll'
27683f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
27693f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
27703f54.1f10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
27713f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc30ed0000 LB 0x000ce000 C:\Windows\System32\NetSetupEngine.dll [flags=0x0]
27723f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc537f0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [flags=0x0]
27733f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc57cf0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [flags=0x0]
27743f54.1ed0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
27753f54.1ed0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27763f54.1ed0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27773f54.1ed0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27783f54.1ed0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
27793f54.1ed0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
27803f54.1ed0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27813f54.1ed0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27823f54.1ed0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27833f54.1ed0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27843f54.1ed0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27853f54.1ed0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27863f54.1ed0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27873f54.1ed0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27883f54.1ed0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27893f54.1ed0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27903f54.1ed0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27913f54.1ed0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27923f54.1ed0: supR3HardenedDllNotificationCallback: load 00007ffc49c40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
27933f54.1ed0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27943f54.1ed0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc49c40000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
27953f54.1ed0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc581d0000 'C:\WINDOWS\system32\User32.dll'
27963f54.312c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
27973f54.312c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27983f54.312c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27993f54.312c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28003f54.312c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
28013f54.312c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28023f54.312c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28033f54.312c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28043f54.312c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28053f54.312c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28063f54.312c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28073f54.312c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28083f54.312c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
28093f54.312c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28103f54.312c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28113f54.312c: supR3HardenedDllNotificationCallback: load 00007ffc49b60000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
28123f54.312c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28133f54.312c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc49b60000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
28143f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
28153f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28163f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc58df0000 'C:\WINDOWS\system32\Shell32.dll'
28173f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28183f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28193f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20990000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
28203f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
28213f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28223f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28233f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28243f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28253f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
28263f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
28273f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28283f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28293f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28303f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28313f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28323f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28333f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28343f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28353f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28363f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28373f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28383f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28393f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28403f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc38c30000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
28413f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28423f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38c30000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
28433f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc38c30000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
28443f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
28453f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
28463f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28473f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28483f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28493f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
28503f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
28513f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
28523f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
28533f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
28543f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
28553f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
28563f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
28573f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
28583f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
28593f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
28603f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
28613f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
28623f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
28633f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28643f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28653f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28663f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28673f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28683f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
28693f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28703f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28713f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
28723f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28733f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28743f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
28753f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
28763f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
28773f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28783f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28793f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
28803f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28813f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
28823f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
28833f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28843f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28853f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28863f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28873f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
28883f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28893f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28903f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28913f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
28923f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
28933f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
28943f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28953f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28963f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28973f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28983f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28993f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29003f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29013f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29023f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29033f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29043f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29053f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29063f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
29073f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29083f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29093f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29103f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29113f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29123f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29133f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29143f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
29153f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29163f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29173f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
29183f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc3cfc0000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
29193f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29203f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc3c990000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
29213f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29223f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc55ce0000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
29233f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
29243f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc19380000 LB 0x009d9000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
29253f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
29263f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc19380000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
29273f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
29283f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29293f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29303f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29313f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc38c30000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
29323f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29333f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38c30000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
29343f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
29353f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
29363f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29373f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc22e80000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
29383f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
29393f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29403f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29413f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3c990000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
29423f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
29433f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
29443f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29453f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29463f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
29473f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
29483f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29493f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29503f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29513f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29523f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29533f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
29543f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc46570000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
29553f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
29563f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc46570000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
29573f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
29583f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
29593f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29603f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29613f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
29623f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
29633f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29643f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29653f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29663f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29673f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29683f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
29693f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc42300000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
29703f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
29713f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42300000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
29723f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
29733f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
29743f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29753f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29763f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
29773f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
29783f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29793f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29803f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29813f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29823f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29833f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
29843f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc422e0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
29853f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
29863f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc422e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
29873f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
29883f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
29893f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29903f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29913f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
29923f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
29933f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29943f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29953f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29963f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29973f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29983f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
29993f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc544d0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
30003f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
30013f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc544d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
30023f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
30033f54.1dc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
30043f54.1dc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30053f54.1dc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
30063f54.1dc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30073f54.1dc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
30083f54.1dc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
30093f54.1dc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30103f54.1dc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30113f54.1dc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30123f54.1dc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30133f54.1dc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30143f54.1dc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30153f54.1dc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30163f54.1dc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30173f54.1dc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
30183f54.1dc4: supR3HardenedDllNotificationCallback: load 00007ffc3e620000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
30193f54.1dc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
30203f54.1dc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3e620000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
30213f54.3954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
30223f54.3954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30233f54.3954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30243f54.3954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
30253f54.3954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
30263f54.3954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
30273f54.3954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
30283f54.3954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30293f54.3954: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30303f54.3954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30313f54.3954: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30323f54.3954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30333f54.3954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30343f54.3954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30353f54.3954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30363f54.3954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30373f54.3954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30383f54.3954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
30393f54.3954: supR3HardenedDllNotificationCallback: load 00007ffc54520000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
30403f54.3954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
30413f54.3954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc54520000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
30423f54.2930: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
30433f54.2930: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30443f54.2930: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30453f54.2930: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30463f54.2930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
30473f54.2930: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
30483f54.2930: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30493f54.2930: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30503f54.2930: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30513f54.2930: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30523f54.2930: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30533f54.2930: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30543f54.2930: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30553f54.2930: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
30563f54.2930: supR3HardenedDllNotificationCallback: load 00007ffc4bd60000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
30573f54.2930: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
30583f54.2930: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4bd60000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
30593f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
30603f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
30613f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30623f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30633f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
30643f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
30653f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30663f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30673f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30683f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30693f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30703f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
30713f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc54530000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
30723f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
30733f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc54530000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
30743f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
30753f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
30763f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
30773f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
30783f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
30793f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
30803f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30813f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
30823f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
30833f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
30843f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
30853f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'cfgmgr32.dll'.
30863f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
30873f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
30883f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30893f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30903f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
30913f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
30923f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
30933f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
30943f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
30953f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
30963f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
30973f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
30983f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
30993f54.1f10: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
31003f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31013f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31023f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
31033f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc565c0000 LB 0x0002a000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
31043f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
31053f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc502c0000 LB 0x00078000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
31063f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31073f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc502c0000 'C:\WINDOWS\System32\MMDevApi.dll'
31083f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001270 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
31093f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
31103f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
31113f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8184043CF3F3DF1E3CF96E74DBBF7D0836417373
31123f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
31133f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
31143f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
31153f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31163f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31173f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
31183f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
31193f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
31203f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31213f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31223f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
31233f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31243f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31253f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
31263f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31273f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31283f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc30f00000 LB 0x00099000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
31293f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31303f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31313f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31323f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc30f00000 'C:\WINDOWS\System32\dsound.dll'
31333f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc30f00000 'C:\WINDOWS\System32\dsound.dll'
31343f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31353f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31363f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc30f00000 'C:\WINDOWS\system32\dsound.dll'
31373f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31383f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31393f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc502c0000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
31403f54.4098: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
31413f54.4098: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
31423f54.4098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
31433f54.4098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
31443f54.4098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
31453f54.4098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
31463f54.4098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
31473f54.4098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31483f54.4098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31493f54.4098: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31503f54.4098: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31513f54.4098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31523f54.4098: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31533f54.4098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31543f54.4098: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31553f54.4098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
31563f54.4098: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
31573f54.4098: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31583f54.4098: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31593f54.4098: supR3HardenedDllNotificationCallback: load 00007ffc50390000 LB 0x0015d000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
31603f54.4098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31613f54.4098: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc50390000 'C:\WINDOWS\System32\AUDIOSES.DLL'
31623f54.4098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31633f54.4098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
31643f54.4098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll)
31653f54.4098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll
31663f54.4098: supR3HardenedDllNotificationCallback: load 00007ffc54e70000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
31673f54.4098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
31683f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31693f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31703f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31713f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31723f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
31733f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
31743f54.1f10: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll'
31753f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
31763f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31773f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc548f0000 'C:\WINDOWS\System32\winmm.dll'
31783f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012bc pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31793f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
31803f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
31813f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38EA8D6D625C6A0A9075DAE17FD33652FF8FC23A
31823f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
31833f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
31843f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
31853f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31863f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31873f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
31883f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
31893f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
31903f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
31913f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31923f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
31933f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
31943f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
31953f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
31963f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
31973f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
31983f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
31993f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
32003f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
32013f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
32023f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32033f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
32043f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
32053f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32063f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32073f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32083f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32093f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32103f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32113f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32123f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32133f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32143f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
32153f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
32163f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc39d40000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
32173f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
32183f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc52180000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
32193f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
32203f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc1eac0000 LB 0x00044000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
32213f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32223f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32233f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32243f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32253f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32263f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32273f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32283f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32293f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32303f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32313f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32323f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32333f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32343f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32353f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32363f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32373f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32383f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32393f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32403f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32413f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32423f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32433f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32443f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32453f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32463f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32473f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eac0000 'C:\WINDOWS\System32\wdmaud.drv'
32483f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001338 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
32493f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
32503f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
32513f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=763C5E89A8DA653902990733D245B99CC7C40BEA
32523f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
32533f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
32543f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
32553f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32563f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32573f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
32583f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
32593f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
32603f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
32613f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32623f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
32633f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
32643f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
32653f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
32663f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
32673f54.1f10: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
32683f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
32693f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
32703f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
32713f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
32723f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32733f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
32743f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
32753f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32763f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32773f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32783f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32793f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32803f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32813f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32823f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32833f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32843f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
32853f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc1ea90000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
32863f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
32873f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc1eab0000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
32883f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32893f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eab0000 'C:\WINDOWS\System32\msacm32.drv'
32903f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32913f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32923f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eab0000 'C:\WINDOWS\System32\msacm32.drv'
32933f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32943f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32953f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eab0000 'C:\WINDOWS\System32\msacm32.drv'
32963f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32973f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32983f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eab0000 'C:\WINDOWS\System32\msacm32.drv'
32993f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33003f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33013f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eab0000 'C:\WINDOWS\System32\msacm32.drv'
33023f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33033f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33043f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eab0000 'C:\WINDOWS\System32\msacm32.drv'
33053f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33063f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33073f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eab0000 'C:\WINDOWS\System32\msacm32.drv'
33083f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eab0000 'C:\WINDOWS\System32\msacm32.drv'
33093f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eab0000 'C:\WINDOWS\System32\msacm32.drv'
33103f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1eab0000 'C:\WINDOWS\System32\msacm32.drv'
33113f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001330 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
33123f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014f15f0
33133f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014f15f0
33143f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB34EC166C3F780657AB67E557E6C2E60C398D10
33153f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
33163f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33173f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
33183f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc56c00000 'C:\WINDOWS\System32\crypt32.dll'
33193f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
33203f54.1f10: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33213f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33223f54.1f10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
33233f54.1f10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
33243f54.1f10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
33253f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33263f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33273f54.1f10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
33283f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33293f54.1f10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33303f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33313f54.1f10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
33323f54.1f10: supR3HardenedDllNotificationCallback: load 00007ffc1ea80000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
33333f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
33343f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ea80000 'C:\WINDOWS\System32\midimap.dll'
33353f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
33363f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33373f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ea80000 'C:\WINDOWS\System32\midimap.dll'
33383f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
33393f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33403f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ea80000 'C:\WINDOWS\System32\midimap.dll'
33413f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
33423f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33433f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ea80000 'C:\WINDOWS\System32\midimap.dll'
33443f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc548f0000 'C:\WINDOWS\System32\winmm.dll'
33453f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc548f0000 'C:\WINDOWS\System32\winmm.dll'
33463f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc548f0000 'C:\WINDOWS\System32\winmm.dll'
33473f54.1f10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
33483f54.1f10: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33493f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc30f00000 'C:\WINDOWS\system32\dsound.dll'
33503f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc548f0000 'C:\WINDOWS\System32\winmm.dll'
33513f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc548f0000 'C:\WINDOWS\System32\winmm.dll'
33523f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc548f0000 'C:\WINDOWS\System32\winmm.dll'
33533f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20990000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
33543f54.1f10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc55b40000 'C:\WINDOWS\system32\rsaenh.dll'
33553f54.2930: supR3HardenedDllNotificationCallback: Unload 00007ffc4bd60000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
33563f54.3954: supR3HardenedDllNotificationCallback: Unload 00007ffc54520000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
33573f54.1dc4: supR3HardenedDllNotificationCallback: Unload 00007ffc3e620000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
33583f54.312c: supR3HardenedDllNotificationCallback: Unload 00007ffc49b60000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
33593f54.1ed0: supR3HardenedDllNotificationCallback: Unload 00007ffc49c40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
33603f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc544d0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
33613f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc422e0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
33623f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc42300000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
33633f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc46570000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
33643f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc38c30000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
33653f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc19380000 LB 0x009d9000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
33663f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc3cfc0000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
33673f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc3c990000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
33683f54.1f10: supR3HardenedDllNotificationCallback: Unload 00007ffc55ce0000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
33693f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc4bcc0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
33703f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc4dc90000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
33713f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc37020000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
33723f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc538a0000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
33733f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc55580000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
33743f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc53b60000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
33753f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc54c10000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
33763f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc55070000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [flags=0x0]
33773f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc4d5b0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
33783f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc2f630000 LB 0x000d5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
33793f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc4dc20000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
33803f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc4f2d0000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
33813f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc22e80000 LB 0x003a4000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
33823f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc38ef0000 LB 0x00081000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
33833f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc4e050000 LB 0x00025000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
33843f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc57d00000 LB 0x00470000 C:\WINDOWS\System32\setupapi.dll [flags=0x0]
33853f54.2818: supR3HardenedDllNotificationCallback: Unload 00007ffc3f0c0000 LB 0x00013000 C:\Windows\System32\DEVRTL.dll [flags=0x0]
33863f54.2818: Terminating the normal way: rcExit=0
33873154.1e14: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 36175 ms, the end);
33883700.336c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 36898 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy