VirtualBox

Ticket #16383: VBoxHardening.log

File VBoxHardening.log, 358.5 KB (added by JacksonZheng, 8 years ago)
Line 
13ff4.1cf8: Log file opened: 5.1.12r112440 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0295a00
23ff4.1cf8: \SystemRoot\System32\ntdll.dll:
33ff4.1cf8: CreationTime: 2016-06-03T07:31:29.849694900Z
43ff4.1cf8: LastWriteTime: 2016-04-23T05:24:28.464629900Z
53ff4.1cf8: ChangeTime: 2016-06-16T01:30:16.944562000Z
63ff4.1cf8: FileAttributes: 0x20
73ff4.1cf8: Size: 0x1bc248
83ff4.1cf8: NT Headers: 0xe0
93ff4.1cf8: Timestamp: 0x571af2eb
103ff4.1cf8: Machine: 0x8664 - amd64
113ff4.1cf8: Timestamp: 0x571af2eb
123ff4.1cf8: Image Version: 10.0
133ff4.1cf8: SizeOfImage: 0x1c1000 (1839104)
143ff4.1cf8: Resource Dir: 0x159000 LB 0x66218
153ff4.1cf8: ProductName: Microsoft® Windows® Operating System
163ff4.1cf8: ProductVersion: 10.0.10586.306
173ff4.1cf8: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
183ff4.1cf8: FileDescription: NT Layer DLL
193ff4.1cf8: \SystemRoot\System32\kernel32.dll:
203ff4.1cf8: CreationTime: 2016-12-05T09:54:47.900956900Z
213ff4.1cf8: LastWriteTime: 2016-09-07T05:39:18.648308100Z
223ff4.1cf8: ChangeTime: 2016-12-20T09:57:22.962423400Z
233ff4.1cf8: FileAttributes: 0x20
243ff4.1cf8: Size: 0xac428
253ff4.1cf8: NT Headers: 0xf0
263ff4.1cf8: Timestamp: 0x57cf97d5
273ff4.1cf8: Machine: 0x8664 - amd64
283ff4.1cf8: Timestamp: 0x57cf97d5
293ff4.1cf8: Image Version: 10.0
303ff4.1cf8: SizeOfImage: 0xad000 (708608)
313ff4.1cf8: Resource Dir: 0xab000 LB 0x528
323ff4.1cf8: ProductName: Microsoft® Windows® Operating System
333ff4.1cf8: ProductVersion: 10.0.10586.589
343ff4.1cf8: FileVersion: 10.0.10586.589 (th2_release.160906-1759)
353ff4.1cf8: FileDescription: Windows NT BASE API Client DLL
363ff4.1cf8: \SystemRoot\System32\KernelBase.dll:
373ff4.1cf8: CreationTime: 2016-12-05T09:53:46.179332900Z
383ff4.1cf8: LastWriteTime: 2016-09-07T05:39:29.471401400Z
393ff4.1cf8: ChangeTime: 2016-12-20T09:57:28.650160300Z
403ff4.1cf8: FileAttributes: 0x20
413ff4.1cf8: Size: 0x1e7c08
423ff4.1cf8: NT Headers: 0xf0
433ff4.1cf8: Timestamp: 0x57cf948c
443ff4.1cf8: Machine: 0x8664 - amd64
453ff4.1cf8: Timestamp: 0x57cf948c
463ff4.1cf8: Image Version: 10.0
473ff4.1cf8: SizeOfImage: 0x1e8000 (1998848)
483ff4.1cf8: Resource Dir: 0x1d1000 LB 0x540
493ff4.1cf8: ProductName: Microsoft® Windows® Operating System
503ff4.1cf8: ProductVersion: 10.0.10586.589
513ff4.1cf8: FileVersion: 10.0.10586.589 (th2_release.160906-1759)
523ff4.1cf8: FileDescription: Windows NT BASE API Client DLL
533ff4.1cf8: \SystemRoot\System32\apisetschema.dll:
543ff4.1cf8: CreationTime: 2015-10-30T07:17:57.502957900Z
553ff4.1cf8: LastWriteTime: 2015-10-30T07:17:57.502957900Z
563ff4.1cf8: ChangeTime: 2016-05-16T22:30:45.978904000Z
573ff4.1cf8: FileAttributes: 0x20
583ff4.1cf8: Size: 0x16d60
593ff4.1cf8: NT Headers: 0xc8
603ff4.1cf8: Timestamp: 0x5632d94c
613ff4.1cf8: Machine: 0x8664 - amd64
623ff4.1cf8: Timestamp: 0x5632d94c
633ff4.1cf8: Image Version: 10.0
643ff4.1cf8: SizeOfImage: 0x18000 (98304)
653ff4.1cf8: Resource Dir: 0x17000 LB 0x400
663ff4.1cf8: ProductName: Microsoft® Windows® Operating System
673ff4.1cf8: ProductVersion: 10.0.10586.0
683ff4.1cf8: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
693ff4.1cf8: FileDescription: ApiSet Schema DLL
703ff4.1cf8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
713ff4.1cf8: supR3HardenedWinFindAdversaries: 0x83
723ff4.1cf8: \SystemRoot\System32\drivers\SysPlant.sys:
733ff4.1cf8: CreationTime: 2015-12-02T15:13:08.693783300Z
743ff4.1cf8: LastWriteTime: 2016-09-05T01:29:21.296931500Z
753ff4.1cf8: ChangeTime: 2016-09-05T01:29:21.296931500Z
763ff4.1cf8: FileAttributes: 0x20
773ff4.1cf8: Size: 0x2b9a8
783ff4.1cf8: NT Headers: 0x100
793ff4.1cf8: Timestamp: 0x576a282d
803ff4.1cf8: Machine: 0x8664 - amd64
813ff4.1cf8: Timestamp: 0x576a282d
823ff4.1cf8: Image Version: 5.0
833ff4.1cf8: SizeOfImage: 0x30000 (196608)
843ff4.1cf8: Resource Dir: 0x2e000 LB 0x498
853ff4.1cf8: ProductName: Symantec CMC Firewall
863ff4.1cf8: ProductVersion: 12.1.7004.6500
873ff4.1cf8: FileVersion: 12.1.7004.6500
883ff4.1cf8: FileDescription: Symantec CMC Firewall SysPlant
893ff4.1cf8: \SystemRoot\System32\sysfer.dll:
903ff4.1cf8: CreationTime: 2015-12-02T15:13:08.693783300Z
913ff4.1cf8: LastWriteTime: 2016-09-05T01:29:21.296931500Z
923ff4.1cf8: ChangeTime: 2016-09-05T01:29:21.296931500Z
933ff4.1cf8: FileAttributes: 0x20
943ff4.1cf8: Size: 0x73728
953ff4.1cf8: NT Headers: 0xf0
963ff4.1cf8: Timestamp: 0x576a2837
973ff4.1cf8: Machine: 0x8664 - amd64
983ff4.1cf8: Timestamp: 0x576a2837
993ff4.1cf8: Image Version: 0.0
1003ff4.1cf8: SizeOfImage: 0x89000 (561152)
1013ff4.1cf8: Resource Dir: 0x87000 LB 0x630
1023ff4.1cf8: ProductName: Symantec CMC Firewall
1033ff4.1cf8: ProductVersion: 12.1.7004.6500
1043ff4.1cf8: FileVersion: 12.1.7004.6500
1053ff4.1cf8: FileDescription: Symantec CMC Firewall sysfer
1063ff4.1cf8: \SystemRoot\System32\drivers\symevent64x86.sys:
1073ff4.1cf8: CreationTime: 2015-12-02T15:14:38.017425000Z
1083ff4.1cf8: LastWriteTime: 2015-12-02T15:14:37.748585400Z
1093ff4.1cf8: ChangeTime: 2016-05-16T22:31:32.083408600Z
1103ff4.1cf8: FileAttributes: 0x20
1113ff4.1cf8: Size: 0x2b8d8
1123ff4.1cf8: NT Headers: 0xe8
1133ff4.1cf8: Timestamp: 0x54b87d44
1143ff4.1cf8: Machine: 0x8664 - amd64
1153ff4.1cf8: Timestamp: 0x54b87d44
1163ff4.1cf8: Image Version: 6.0
1173ff4.1cf8: SizeOfImage: 0x38000 (229376)
1183ff4.1cf8: Resource Dir: 0x36000 LB 0x3c8
1193ff4.1cf8: ProductName: SYMEVENT
1203ff4.1cf8: ProductVersion: 12.9.6.12
1213ff4.1cf8: FileVersion: 12.9.6.12
1223ff4.1cf8: FileDescription: Symantec Event Library
1233ff4.1cf8: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
1243ff4.1cf8: CreationTime: 2016-07-15T02:53:45.432827500Z
1253ff4.1cf8: LastWriteTime: 2016-07-15T02:53:45.434857700Z
1263ff4.1cf8: ChangeTime: 2016-07-15T02:53:45.434857700Z
1273ff4.1cf8: FileAttributes: 0x20
1283ff4.1cf8: Size: 0x2eed8
1293ff4.1cf8: NT Headers: 0xe0
1303ff4.1cf8: Timestamp: 0x55b855d9
1313ff4.1cf8: Machine: 0x8664 - amd64
1323ff4.1cf8: Timestamp: 0x55b855d9
1333ff4.1cf8: Image Version: 6.1
1343ff4.1cf8: SizeOfImage: 0x33000 (208896)
1353ff4.1cf8: Resource Dir: 0x31000 LB 0x3b8
1363ff4.1cf8: ProductName: Malwarebytes Anti-Malware
1373ff4.1cf8: ProductVersion: 0.3.0.0
1383ff4.1cf8: FileVersion: 0.3.0.0
1393ff4.1cf8: FileDescription: Malwarebytes Anti-Malware
1403ff4.1cf8: \SystemRoot\System32\drivers\mbam.sys:
1413ff4.1cf8: CreationTime: 2016-07-14T01:28:19.482174200Z
1423ff4.1cf8: LastWriteTime: 2015-10-22T13:43:18.000000000Z
1433ff4.1cf8: ChangeTime: 2016-07-14T01:28:19.498772900Z
1443ff4.1cf8: FileAttributes: 0x20
1453ff4.1cf8: Size: 0x64d8
1463ff4.1cf8: NT Headers: 0xf8
1473ff4.1cf8: Timestamp: 0x5629a385
1483ff4.1cf8: Machine: 0x8664 - amd64
1493ff4.1cf8: Timestamp: 0x5629a385
1503ff4.1cf8: Image Version: 6.1
1513ff4.1cf8: SizeOfImage: 0xa000 (40960)
1523ff4.1cf8: Resource Dir: 0x8000 LB 0x3e0
1533ff4.1cf8: ProductName: Malwarebytes Anti-Malware
1543ff4.1cf8: ProductVersion: 1.60.2.0000
1553ff4.1cf8: FileVersion: 1.60.2.0000 built by: WinDDK
1563ff4.1cf8: FileDescription: Malwarebytes Anti-Malware (MEE)
1573ff4.1cf8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1583ff4.1cf8: Calling main()
1593ff4.1cf8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1603ff4.1cf8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1613ff4.1cf8: SUPR3HardenedMain: Respawn #1
1623ff4.1cf8: System32: \Device\HarddiskVolume2\Windows\System32
1633ff4.1cf8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
1643ff4.1cf8: KnownDllPath: C:\windows\system32
1653ff4.1cf8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1663ff4.1cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1673ff4.1cf8: supR3HardNtEnableThreadCreation:
1683ff4.1cf8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff07746d50 pvNtTerminateThread=00007fff07775b30
1693ff4.1cf8: supR3HardenedWinDoReSpawn(1): New child 5d0c.7f8 [kernel32].
1703ff4.1cf8: supR3HardNtChildGatherData: PebBaseAddress=000000000101d000 cbPeb=0x388
1713ff4.1cf8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff076d0000 uNtDllChildAddr=00007fff076d0000
1723ff4.1cf8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff07746d50
1733ff4.1cf8: supR3HardenedWinSetupChildInit: Start child.
1743ff4.1cf8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1753ff4.1cf8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 59 sleeps
1763ff4.1cf8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1773ff4.1cf8: *0000000000000000-ffffffffff04ffff 0x0001/0x0000 0x0000000
1783ff4.1cf8: *0000000000fb0000-0000000000f8ffff 0x0004/0x0004 0x0020000
1793ff4.1cf8: *0000000000fd0000-0000000000fbafff 0x0002/0x0002 0x0040000
1803ff4.1cf8: 0000000000fe5000-0000000000fd9fff 0x0001/0x0000 0x0000000
1813ff4.1cf8: *0000000000ff0000-0000000000febfff 0x0002/0x0002 0x0040000
1823ff4.1cf8: 0000000000ff4000-0000000000fe7fff 0x0001/0x0000 0x0000000
1833ff4.1cf8: *0000000001000000-0000000000fe2fff 0x0000/0x0004 0x0020000
1843ff4.1cf8: 000000000101d000-0000000001019fff 0x0004/0x0004 0x0020000
1853ff4.1cf8: 0000000001020000-0000000000e3ffff 0x0000/0x0004 0x0020000
1863ff4.1cf8: *0000000001200000-0000000001104fff 0x0000/0x0004 0x0020000
1873ff4.1cf8: 00000000012fb000-00000000012f7fff 0x0104/0x0004 0x0020000
1883ff4.1cf8: 00000000012fe000-00000000012fbfff 0x0004/0x0004 0x0020000
1893ff4.1cf8: *0000000001300000-00000000012fdfff 0x0004/0x0004 0x0020000
1903ff4.1cf8: 0000000001302000-ffffffff82623fff 0x0001/0x0000 0x0000000
1913ff4.1cf8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1923ff4.1cf8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1933ff4.1cf8: 000000007fff0000-ffff80093cf9ffff 0x0001/0x0000 0x0000000
1943ff4.1cf8: *00007ff7c3040000-00007ff7c301cfff 0x0002/0x0002 0x0040000
1953ff4.1cf8: 00007ff7c3063000-00007ff7c2fb5fff 0x0001/0x0000 0x0000000
1963ff4.1cf8: *00007ff7c3110000-00007ff7c3110fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1973ff4.1cf8: 00007ff7c3111000-00007ff7c317ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1983ff4.1cf8: 00007ff7c3180000-00007ff7c3180fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1993ff4.1cf8: 00007ff7c3181000-00007ff7c31c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2003ff4.1cf8: 00007ff7c31c6000-00007ff7c31c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2013ff4.1cf8: 00007ff7c31c7000-00007ff7c31c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2023ff4.1cf8: 00007ff7c31c8000-00007ff7c31ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2033ff4.1cf8: 00007ff7c31cd000-00007ff7c31cdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2043ff4.1cf8: 00007ff7c31ce000-00007ff7c31cefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2053ff4.1cf8: 00007ff7c31cf000-00007ff7c31d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2063ff4.1cf8: 00007ff7c31d3000-00007ff7c321afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2073ff4.1cf8: 00007ff7c321b000-00007ff7c3215fff 0x0001/0x0000 0x0000000
2083ff4.1cf8: *00007ff7c3220000-00007ff7c321efff 0x0040/0x0040 0x0020000 !!
2093ff4.1cf8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff7c3220000 (LB 0x1000, 00007ff7c3220000 LB 0x1000)
2103ff4.1cf8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff7c3220000/00007ff7c3220000 LB 0/0x1000]
2113ff4.1cf8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff7c3220000 LB 0x7444b0000 s=0x10000 ap=0x0 rp=0xe9c9929c00000001
2123ff4.1cf8: 00007ff7c3221000-00007ff07ed71fff 0x0001/0x0000 0x0000000
2133ff4.1cf8: *00007fff076d0000-00007fff076d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2143ff4.1cf8: 00007fff076d1000-00007fff077cdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2153ff4.1cf8: 00007fff077ce000-00007fff0780efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2163ff4.1cf8: 00007fff0780f000-00007fff07817fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2173ff4.1cf8: 00007fff07818000-00007fff07824fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2183ff4.1cf8: 00007fff07825000-00007fff07825fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2193ff4.1cf8: 00007fff07826000-00007fff07828fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2203ff4.1cf8: 00007fff07829000-00007fff07890fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2213ff4.1cf8: 00007fff07891000-00007ffe0f141fff 0x0001/0x0000 0x0000000
2223ff4.1cf8: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2233ff4.1cf8: VirtualBox.exe: timestamp 0x58594e7b (rc=VINF_SUCCESS)
2243ff4.1cf8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2253ff4.1cf8: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
2263ff4.1cf8: 00007ff7c3110172 / 0x0000172: 00 != 11
2273ff4.1cf8: 00007ff7c3110174 / 0x0000174: 00 != 14
2283ff4.1cf8: Restored 0x400 bytes of original file content at 00007ff7c3110000
2293ff4.1cf8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2303ff4.1cf8: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x83
2313ff4.1cf8: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 59 sleeps
2323ff4.1cf8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2333ff4.1cf8: *0000000000000000-ffffffffff04ffff 0x0001/0x0000 0x0000000
2343ff4.1cf8: *0000000000fb0000-0000000000f8ffff 0x0004/0x0004 0x0020000
2353ff4.1cf8: *0000000000fd0000-0000000000fbafff 0x0002/0x0002 0x0040000
2363ff4.1cf8: 0000000000fe5000-0000000000fd9fff 0x0001/0x0000 0x0000000
2373ff4.1cf8: *0000000000ff0000-0000000000febfff 0x0002/0x0002 0x0040000
2383ff4.1cf8: 0000000000ff4000-0000000000fe7fff 0x0001/0x0000 0x0000000
2393ff4.1cf8: *0000000001000000-0000000000fe2fff 0x0000/0x0004 0x0020000
2403ff4.1cf8: 000000000101d000-0000000001019fff 0x0004/0x0004 0x0020000
2413ff4.1cf8: 0000000001020000-0000000000e3ffff 0x0000/0x0004 0x0020000
2423ff4.1cf8: *0000000001200000-0000000001104fff 0x0000/0x0004 0x0020000
2433ff4.1cf8: 00000000012fb000-00000000012f7fff 0x0104/0x0004 0x0020000
2443ff4.1cf8: 00000000012fe000-00000000012fbfff 0x0004/0x0004 0x0020000
2453ff4.1cf8: *0000000001300000-00000000012fdfff 0x0004/0x0004 0x0020000
2463ff4.1cf8: 0000000001302000-ffffffff82623fff 0x0001/0x0000 0x0000000
2473ff4.1cf8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2483ff4.1cf8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2493ff4.1cf8: 000000007fff0000-ffff80093cf9ffff 0x0001/0x0000 0x0000000
2503ff4.1cf8: *00007ff7c3040000-00007ff7c301cfff 0x0002/0x0002 0x0040000
2513ff4.1cf8: 00007ff7c3063000-00007ff7c2fb5fff 0x0001/0x0000 0x0000000
2523ff4.1cf8: *00007ff7c3110000-00007ff7c3110fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2533ff4.1cf8: 00007ff7c3111000-00007ff7c317ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2543ff4.1cf8: 00007ff7c3180000-00007ff7c3180fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2553ff4.1cf8: 00007ff7c3181000-00007ff7c31c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2563ff4.1cf8: 00007ff7c31c6000-00007ff7c31d2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2573ff4.1cf8: 00007ff7c31d3000-00007ff7c321afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2583ff4.1cf8: 00007ff7c321b000-00007ff07ed65fff 0x0001/0x0000 0x0000000
2593ff4.1cf8: *00007fff076d0000-00007fff076d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2603ff4.1cf8: 00007fff076d1000-00007fff077cdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2613ff4.1cf8: 00007fff077ce000-00007fff0780efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2623ff4.1cf8: 00007fff0780f000-00007fff07812fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2633ff4.1cf8: 00007fff07813000-00007fff07817fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2643ff4.1cf8: 00007fff07818000-00007fff07824fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2653ff4.1cf8: 00007fff07825000-00007fff07825fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2663ff4.1cf8: 00007fff07826000-00007fff07828fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2673ff4.1cf8: 00007fff07829000-00007fff07890fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2683ff4.1cf8: 00007fff07891000-00007ffe0f141fff 0x0001/0x0000 0x0000000
2693ff4.1cf8: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2703ff4.1cf8: supR3HardNtChildPurify: Done after 1079 ms and 2 fixes (loop #1).
2715d0c.7f8: Log file opened: 5.1.12r112440 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
2723ff4.1cf8: supR3HardNtEnableThreadCreation:
2735d0c.7f8: supR3HardenedVmProcessInit: uNtDllAddr=00007fff076d0000 g_uNtVerCombined=0xa0295a00
2745d0c.7f8: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
2755d0c.7f8: New simple heap: #1 0000000001410000 LB 0x400000 (for 1839104 allocation)
2765d0c.7f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2775d0c.7f8: System32: \Device\HarddiskVolume2\Windows\System32
2785d0c.7f8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
2795d0c.7f8: KnownDllPath: C:\windows\system32
2805d0c.7f8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2815d0c.7f8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2825d0c.7f8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2835d0c.7f8: Registered Dll notification callback with NTDLL.
2845d0c.7f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2855d0c.7f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2865d0c.7f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
2875d0c.7f8: supR3HardenedDllNotificationCallback: load 00007fff03d80000 LB 0x001e8000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
2885d0c.7f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2895d0c.7f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2905d0c.7f8: supR3HardenedDllNotificationCallback: load 00007fff04dc0000 LB 0x000ad000 C:\windows\system32\KERNEL32.DLL [fFlags=0x0]
2915d0c.7f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2925d0c.7f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04dc0000 'C:\windows\system32\KERNEL32.DLL'
2935d0c.7f8: supR3HardenedDllNotificationCallback: load 00007ff7c3110000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
2945d0c.7f8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2955d0c.7f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2965d0c.7f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2975d0c.7f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff07746d50 pvNtTerminateThread=00007fff07775b30
2983ff4.1cf8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 92 ms.
2995d0c.7f8: \SystemRoot\System32\ntdll.dll:
3005d0c.7f8: CreationTime: 2016-06-03T07:31:29.849694900Z
3015d0c.7f8: LastWriteTime: 2016-04-23T05:24:28.464629900Z
3025d0c.7f8: ChangeTime: 2016-06-16T01:30:16.944562000Z
3035d0c.7f8: FileAttributes: 0x20
3045d0c.7f8: Size: 0x1bc248
3055d0c.7f8: NT Headers: 0xe0
3065d0c.7f8: Timestamp: 0x571af2eb
3075d0c.7f8: Machine: 0x8664 - amd64
3085d0c.7f8: Timestamp: 0x571af2eb
3095d0c.7f8: Image Version: 10.0
3105d0c.7f8: SizeOfImage: 0x1c1000 (1839104)
3115d0c.7f8: Resource Dir: 0x159000 LB 0x66218
3125d0c.7f8: ProductName: Microsoft® Windows® Operating System
3135d0c.7f8: ProductVersion: 10.0.10586.306
3145d0c.7f8: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
3155d0c.7f8: FileDescription: NT Layer DLL
3165d0c.7f8: \SystemRoot\System32\kernel32.dll:
3175d0c.7f8: CreationTime: 2016-12-05T09:54:47.900956900Z
3185d0c.7f8: LastWriteTime: 2016-09-07T05:39:18.648308100Z
3195d0c.7f8: ChangeTime: 2016-12-20T09:57:22.962423400Z
3205d0c.7f8: FileAttributes: 0x20
3215d0c.7f8: Size: 0xac428
3225d0c.7f8: NT Headers: 0xf0
3235d0c.7f8: Timestamp: 0x57cf97d5
3245d0c.7f8: Machine: 0x8664 - amd64
3255d0c.7f8: Timestamp: 0x57cf97d5
3265d0c.7f8: Image Version: 10.0
3275d0c.7f8: SizeOfImage: 0xad000 (708608)
3285d0c.7f8: Resource Dir: 0xab000 LB 0x528
3295d0c.7f8: ProductName: Microsoft® Windows® Operating System
3305d0c.7f8: ProductVersion: 10.0.10586.589
3315d0c.7f8: FileVersion: 10.0.10586.589 (th2_release.160906-1759)
3325d0c.7f8: FileDescription: Windows NT BASE API Client DLL
3335d0c.7f8: \SystemRoot\System32\KernelBase.dll:
3345d0c.7f8: CreationTime: 2016-12-05T09:53:46.179332900Z
3355d0c.7f8: LastWriteTime: 2016-09-07T05:39:29.471401400Z
3365d0c.7f8: ChangeTime: 2016-12-20T09:57:28.650160300Z
3375d0c.7f8: FileAttributes: 0x20
3385d0c.7f8: Size: 0x1e7c08
3395d0c.7f8: NT Headers: 0xf0
3405d0c.7f8: Timestamp: 0x57cf948c
3415d0c.7f8: Machine: 0x8664 - amd64
3425d0c.7f8: Timestamp: 0x57cf948c
3435d0c.7f8: Image Version: 10.0
3445d0c.7f8: SizeOfImage: 0x1e8000 (1998848)
3455d0c.7f8: Resource Dir: 0x1d1000 LB 0x540
3465d0c.7f8: ProductName: Microsoft® Windows® Operating System
3475d0c.7f8: ProductVersion: 10.0.10586.589
3485d0c.7f8: FileVersion: 10.0.10586.589 (th2_release.160906-1759)
3495d0c.7f8: FileDescription: Windows NT BASE API Client DLL
3505d0c.7f8: \SystemRoot\System32\apisetschema.dll:
3515d0c.7f8: CreationTime: 2015-10-30T07:17:57.502957900Z
3525d0c.7f8: LastWriteTime: 2015-10-30T07:17:57.502957900Z
3535d0c.7f8: ChangeTime: 2016-05-16T22:30:45.978904000Z
3545d0c.7f8: FileAttributes: 0x20
3555d0c.7f8: Size: 0x16d60
3565d0c.7f8: NT Headers: 0xc8
3575d0c.7f8: Timestamp: 0x5632d94c
3585d0c.7f8: Machine: 0x8664 - amd64
3595d0c.7f8: Timestamp: 0x5632d94c
3605d0c.7f8: Image Version: 10.0
3615d0c.7f8: SizeOfImage: 0x18000 (98304)
3625d0c.7f8: Resource Dir: 0x17000 LB 0x400
3635d0c.7f8: ProductName: Microsoft® Windows® Operating System
3645d0c.7f8: ProductVersion: 10.0.10586.0
3655d0c.7f8: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
3665d0c.7f8: FileDescription: ApiSet Schema DLL
3675d0c.7f8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3685d0c.7f8: supR3HardenedWinFindAdversaries: 0x83
3695d0c.7f8: \SystemRoot\System32\drivers\SysPlant.sys:
3705d0c.7f8: CreationTime: 2015-12-02T15:13:08.693783300Z
3715d0c.7f8: LastWriteTime: 2016-09-05T01:29:21.296931500Z
3725d0c.7f8: ChangeTime: 2016-09-05T01:29:21.296931500Z
3735d0c.7f8: FileAttributes: 0x20
3745d0c.7f8: Size: 0x2b9a8
3755d0c.7f8: NT Headers: 0x100
3765d0c.7f8: Timestamp: 0x576a282d
3775d0c.7f8: Machine: 0x8664 - amd64
3785d0c.7f8: Timestamp: 0x576a282d
3795d0c.7f8: Image Version: 5.0
3805d0c.7f8: SizeOfImage: 0x30000 (196608)
3815d0c.7f8: Resource Dir: 0x2e000 LB 0x498
3825d0c.7f8: ProductName: Symantec CMC Firewall
3835d0c.7f8: ProductVersion: 12.1.7004.6500
3845d0c.7f8: FileVersion: 12.1.7004.6500
3855d0c.7f8: FileDescription: Symantec CMC Firewall SysPlant
3865d0c.7f8: \SystemRoot\System32\sysfer.dll:
3875d0c.7f8: CreationTime: 2015-12-02T15:13:08.693783300Z
3885d0c.7f8: LastWriteTime: 2016-09-05T01:29:21.296931500Z
3895d0c.7f8: ChangeTime: 2016-09-05T01:29:21.296931500Z
3905d0c.7f8: FileAttributes: 0x20
3915d0c.7f8: Size: 0x73728
3925d0c.7f8: NT Headers: 0xf0
3935d0c.7f8: Timestamp: 0x576a2837
3945d0c.7f8: Machine: 0x8664 - amd64
3955d0c.7f8: Timestamp: 0x576a2837
3965d0c.7f8: Image Version: 0.0
3975d0c.7f8: SizeOfImage: 0x89000 (561152)
3985d0c.7f8: Resource Dir: 0x87000 LB 0x630
3995d0c.7f8: ProductName: Symantec CMC Firewall
4005d0c.7f8: ProductVersion: 12.1.7004.6500
4015d0c.7f8: FileVersion: 12.1.7004.6500
4025d0c.7f8: FileDescription: Symantec CMC Firewall sysfer
4035d0c.7f8: \SystemRoot\System32\drivers\symevent64x86.sys:
4045d0c.7f8: CreationTime: 2015-12-02T15:14:38.017425000Z
4055d0c.7f8: LastWriteTime: 2015-12-02T15:14:37.748585400Z
4065d0c.7f8: ChangeTime: 2016-05-16T22:31:32.083408600Z
4075d0c.7f8: FileAttributes: 0x20
4085d0c.7f8: Size: 0x2b8d8
4095d0c.7f8: NT Headers: 0xe8
4105d0c.7f8: Timestamp: 0x54b87d44
4115d0c.7f8: Machine: 0x8664 - amd64
4125d0c.7f8: Timestamp: 0x54b87d44
4135d0c.7f8: Image Version: 6.0
4145d0c.7f8: SizeOfImage: 0x38000 (229376)
4155d0c.7f8: Resource Dir: 0x36000 LB 0x3c8
4165d0c.7f8: ProductName: SYMEVENT
4175d0c.7f8: ProductVersion: 12.9.6.12
4185d0c.7f8: FileVersion: 12.9.6.12
4195d0c.7f8: FileDescription: Symantec Event Library
4205d0c.7f8: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
4215d0c.7f8: CreationTime: 2016-07-15T02:53:45.432827500Z
4225d0c.7f8: LastWriteTime: 2016-07-15T02:53:45.434857700Z
4235d0c.7f8: ChangeTime: 2016-07-15T02:53:45.434857700Z
4245d0c.7f8: FileAttributes: 0x20
4255d0c.7f8: Size: 0x2eed8
4265d0c.7f8: NT Headers: 0xe0
4275d0c.7f8: Timestamp: 0x55b855d9
4285d0c.7f8: Machine: 0x8664 - amd64
4295d0c.7f8: Timestamp: 0x55b855d9
4305d0c.7f8: Image Version: 6.1
4315d0c.7f8: SizeOfImage: 0x33000 (208896)
4325d0c.7f8: Resource Dir: 0x31000 LB 0x3b8
4335d0c.7f8: ProductName: Malwarebytes Anti-Malware
4345d0c.7f8: ProductVersion: 0.3.0.0
4355d0c.7f8: FileVersion: 0.3.0.0
4365d0c.7f8: FileDescription: Malwarebytes Anti-Malware
4375d0c.7f8: \SystemRoot\System32\drivers\mbam.sys:
4385d0c.7f8: CreationTime: 2016-07-14T01:28:19.482174200Z
4395d0c.7f8: LastWriteTime: 2015-10-22T13:43:18.000000000Z
4405d0c.7f8: ChangeTime: 2016-07-14T01:28:19.498772900Z
4415d0c.7f8: FileAttributes: 0x20
4425d0c.7f8: Size: 0x64d8
4435d0c.7f8: NT Headers: 0xf8
4445d0c.7f8: Timestamp: 0x5629a385
4455d0c.7f8: Machine: 0x8664 - amd64
4465d0c.7f8: Timestamp: 0x5629a385
4475d0c.7f8: Image Version: 6.1
4485d0c.7f8: SizeOfImage: 0xa000 (40960)
4495d0c.7f8: Resource Dir: 0x8000 LB 0x3e0
4505d0c.7f8: ProductName: Malwarebytes Anti-Malware
4515d0c.7f8: ProductVersion: 1.60.2.0000
4525d0c.7f8: FileVersion: 1.60.2.0000 built by: WinDDK
4535d0c.7f8: FileDescription: Malwarebytes Anti-Malware (MEE)
4545d0c.7f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4555d0c.7f8: Calling main()
4565d0c.7f8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4575d0c.7f8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4585d0c.7f8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4595d0c.7f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4605d0c.7f8: SUPR3HardenedMain: Respawn #2
4615d0c.7f8: supR3HardNtEnableThreadCreation:
4625d0c.7f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4635d0c.7f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
4645d0c.7f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
4655d0c.7f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
4665d0c.7f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
4675d0c.7f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4685d0c.7f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4695d0c.7f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4705d0c.7f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4715d0c.7f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
4725d0c.7f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
4735d0c.7f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
4745d0c.7f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
4755d0c.7f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
4765d0c.7f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4775d0c.7f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4785d0c.7f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
4795d0c.7f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
4805d0c.7f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4815d0c.7f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4825d0c.7f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4835d0c.7f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
4845d0c.7f8: supR3HardenedDllNotificationCallback: load 00007fff053c0000 LB 0x0009d000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
4855d0c.7f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4865d0c.7f8: supR3HardenedDllNotificationCallback: load 00007fff07400000 LB 0x0011c000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
4875d0c.7f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4885d0c.7f8: supR3HardenedDllNotificationCallback: load 00007fff05460000 LB 0x0005b000 C:\windows\system32\sechost.dll [fFlags=0x0]
4895d0c.7f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
4905d0c.7f8: supR3HardenedDllNotificationCallback: load 00007fff04f40000 LB 0x000a7000 C:\windows\system32\ADVAPI32.DLL [fFlags=0x0]
4915d0c.7f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
4925d0c.7f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04f40000 'C:\windows\system32\ADVAPI32.DLL'
4935d0c.7f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff07746d50 pvNtTerminateThread=00007fff07775b30
4945d0c.7f8: supR3HardenedWinDoReSpawn(2): New child 2304.7a8 [kernel32].
4955d0c.7f8: supR3HardNtChildGatherData: PebBaseAddress=0000000000d04000 cbPeb=0x388
4965d0c.7f8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff076d0000 uNtDllChildAddr=00007fff076d0000
4975d0c.7f8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff07746d50
4985d0c.7f8: supR3HardenedWinSetupChildInit: Start child.
4995d0c.7f8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
5005d0c.7f8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 59 sleeps
5015d0c.7f8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5025d0c.7f8: *0000000000000000-ffffffffff3fffff 0x0001/0x0000 0x0000000
5035d0c.7f8: *0000000000c00000-0000000000afbfff 0x0000/0x0004 0x0020000
5045d0c.7f8: 0000000000d04000-0000000000d00fff 0x0004/0x0004 0x0020000
5055d0c.7f8: 0000000000d07000-0000000000c0dfff 0x0000/0x0004 0x0020000
5065d0c.7f8: *0000000000e00000-0000000000ddffff 0x0004/0x0004 0x0020000
5075d0c.7f8: *0000000000e20000-0000000000e0afff 0x0002/0x0002 0x0040000
5085d0c.7f8: 0000000000e35000-0000000000e29fff 0x0001/0x0000 0x0000000
5095d0c.7f8: *0000000000e40000-0000000000d44fff 0x0000/0x0004 0x0020000
5105d0c.7f8: 0000000000f3b000-0000000000f37fff 0x0104/0x0004 0x0020000
5115d0c.7f8: 0000000000f3e000-0000000000f3bfff 0x0004/0x0004 0x0020000
5125d0c.7f8: *0000000000f40000-0000000000f3bfff 0x0002/0x0002 0x0040000
5135d0c.7f8: 0000000000f44000-0000000000f37fff 0x0001/0x0000 0x0000000
5145d0c.7f8: *0000000000f50000-0000000000f4dfff 0x0004/0x0004 0x0020000
5155d0c.7f8: 0000000000f52000-ffffffff81ec3fff 0x0001/0x0000 0x0000000
5165d0c.7f8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
5175d0c.7f8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
5185d0c.7f8: 000000007fff0000-ffff80093d89ffff 0x0001/0x0000 0x0000000
5195d0c.7f8: *00007ff7c2740000-00007ff7c271cfff 0x0002/0x0002 0x0040000
5205d0c.7f8: 00007ff7c2763000-00007ff7c1db5fff 0x0001/0x0000 0x0000000
5215d0c.7f8: *00007ff7c3110000-00007ff7c3110fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5225d0c.7f8: 00007ff7c3111000-00007ff7c317ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5235d0c.7f8: 00007ff7c3180000-00007ff7c3180fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5245d0c.7f8: 00007ff7c3181000-00007ff7c31c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5255d0c.7f8: 00007ff7c31c6000-00007ff7c31c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5265d0c.7f8: 00007ff7c31c7000-00007ff7c31c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5275d0c.7f8: 00007ff7c31c8000-00007ff7c31ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5285d0c.7f8: 00007ff7c31cd000-00007ff7c31cdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5295d0c.7f8: 00007ff7c31ce000-00007ff7c31cefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5305d0c.7f8: 00007ff7c31cf000-00007ff7c31d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5315d0c.7f8: 00007ff7c31d3000-00007ff7c321afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5325d0c.7f8: 00007ff7c321b000-00007ff7c3215fff 0x0001/0x0000 0x0000000
5335d0c.7f8: *00007ff7c3220000-00007ff7c321efff 0x0040/0x0040 0x0020000 !!
5345d0c.7f8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff7c3220000 (LB 0x1000, 00007ff7c3220000 LB 0x1000)
5355d0c.7f8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff7c3220000/00007ff7c3220000 LB 0/0x1000]
5365d0c.7f8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff7c3220000 LB 0x7444b0000 s=0x10000 ap=0x0 rp=0xe9c9929c00000001
5375d0c.7f8: 00007ff7c3221000-00007ff07ed71fff 0x0001/0x0000 0x0000000
5385d0c.7f8: *00007fff076d0000-00007fff076d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5395d0c.7f8: 00007fff076d1000-00007fff077cdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5405d0c.7f8: 00007fff077ce000-00007fff0780efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5415d0c.7f8: 00007fff0780f000-00007fff07817fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5425d0c.7f8: 00007fff07818000-00007fff07824fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5435d0c.7f8: 00007fff07825000-00007fff07825fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5445d0c.7f8: 00007fff07826000-00007fff07828fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5455d0c.7f8: 00007fff07829000-00007fff07890fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5465d0c.7f8: 00007fff07891000-00007ffe0f141fff 0x0001/0x0000 0x0000000
5475d0c.7f8: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
5485d0c.7f8: VirtualBox.exe: timestamp 0x58594e7b (rc=VINF_SUCCESS)
5495d0c.7f8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5505d0c.7f8: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
5515d0c.7f8: 00007ff7c3110172 / 0x0000172: 00 != 11
5525d0c.7f8: 00007ff7c3110174 / 0x0000174: 00 != 14
5535d0c.7f8: Restored 0x400 bytes of original file content at 00007ff7c3110000
5545d0c.7f8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
5555d0c.7f8: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x83
5565d0c.7f8: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 59 sleeps
5575d0c.7f8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5585d0c.7f8: *0000000000000000-ffffffffff3fffff 0x0001/0x0000 0x0000000
5595d0c.7f8: *0000000000c00000-0000000000afbfff 0x0000/0x0004 0x0020000
5605d0c.7f8: 0000000000d04000-0000000000d00fff 0x0004/0x0004 0x0020000
5615d0c.7f8: 0000000000d07000-0000000000c0dfff 0x0000/0x0004 0x0020000
5625d0c.7f8: *0000000000e00000-0000000000ddffff 0x0004/0x0004 0x0020000
5635d0c.7f8: *0000000000e20000-0000000000e0afff 0x0002/0x0002 0x0040000
5645d0c.7f8: 0000000000e35000-0000000000e29fff 0x0001/0x0000 0x0000000
5655d0c.7f8: *0000000000e40000-0000000000d44fff 0x0000/0x0004 0x0020000
5665d0c.7f8: 0000000000f3b000-0000000000f37fff 0x0104/0x0004 0x0020000
5675d0c.7f8: 0000000000f3e000-0000000000f3bfff 0x0004/0x0004 0x0020000
5685d0c.7f8: *0000000000f40000-0000000000f3bfff 0x0002/0x0002 0x0040000
5695d0c.7f8: 0000000000f44000-0000000000f37fff 0x0001/0x0000 0x0000000
5705d0c.7f8: *0000000000f50000-0000000000f4dfff 0x0004/0x0004 0x0020000
5715d0c.7f8: 0000000000f52000-ffffffff81ec3fff 0x0001/0x0000 0x0000000
5725d0c.7f8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
5735d0c.7f8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
5745d0c.7f8: 000000007fff0000-ffff80093d89ffff 0x0001/0x0000 0x0000000
5755d0c.7f8: *00007ff7c2740000-00007ff7c271cfff 0x0002/0x0002 0x0040000
5765d0c.7f8: 00007ff7c2763000-00007ff7c1db5fff 0x0001/0x0000 0x0000000
5775d0c.7f8: *00007ff7c3110000-00007ff7c3110fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5785d0c.7f8: 00007ff7c3111000-00007ff7c317ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5795d0c.7f8: 00007ff7c3180000-00007ff7c3180fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5805d0c.7f8: 00007ff7c3181000-00007ff7c31c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5815d0c.7f8: 00007ff7c31c6000-00007ff7c31d2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5825d0c.7f8: 00007ff7c31d3000-00007ff7c321afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5835d0c.7f8: 00007ff7c321b000-00007ff07ed65fff 0x0001/0x0000 0x0000000
5845d0c.7f8: *00007fff076d0000-00007fff076d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5855d0c.7f8: 00007fff076d1000-00007fff077cdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5865d0c.7f8: 00007fff077ce000-00007fff0780efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5875d0c.7f8: 00007fff0780f000-00007fff07812fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5885d0c.7f8: 00007fff07813000-00007fff07817fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5895d0c.7f8: 00007fff07818000-00007fff07824fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5905d0c.7f8: 00007fff07825000-00007fff07825fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5915d0c.7f8: 00007fff07826000-00007fff07828fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5925d0c.7f8: 00007fff07829000-00007fff07890fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5935d0c.7f8: 00007fff07891000-00007ffe0f141fff 0x0001/0x0000 0x0000000
5945d0c.7f8: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
5955d0c.7f8: supR3HardNtChildPurify: Done after 1075 ms and 2 fixes (loop #1).
5962304.7a8: Log file opened: 5.1.12r112440 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
5972304.7a8: supR3HardenedVmProcessInit: uNtDllAddr=00007fff076d0000 g_uNtVerCombined=0xa0295a00
5982304.7a8: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
5992304.7a8: New simple heap: #1 0000000001060000 LB 0x400000 (for 1839104 allocation)
6005d0c.7f8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001410000 LB 0x400000)
6015d0c.7f8: supR3HardNtEnableThreadCreation:
6022304.7a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6032304.7a8: System32: \Device\HarddiskVolume2\Windows\System32
6042304.7a8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
6052304.7a8: KnownDllPath: C:\windows\system32
6062304.7a8: supR3HardenedVmProcessInit: Opening vboxdrv...
6072304.7a8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6082304.7a8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6092304.7a8: Registered Dll notification callback with NTDLL.
6102304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
6112304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
6122304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
6132304.7a8: supR3HardenedDllNotificationCallback: load 00007fff03d80000 LB 0x001e8000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
6142304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
6152304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
6162304.7a8: supR3HardenedDllNotificationCallback: load 00007fff04dc0000 LB 0x000ad000 C:\windows\system32\KERNEL32.DLL [fFlags=0x0]
6172304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6182304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04dc0000 'C:\windows\system32\KERNEL32.DLL'
6192304.7a8: supR3HardenedDllNotificationCallback: load 00007ff7c3110000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
6202304.7a8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6212304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
6222304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6232304.7a8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff07746d50 pvNtTerminateThread=00007fff07775b30
6245d0c.7f8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 112 ms.
6252304.7a8: \SystemRoot\System32\ntdll.dll:
6262304.7a8: CreationTime: 2016-06-03T07:31:29.849694900Z
6272304.7a8: LastWriteTime: 2016-04-23T05:24:28.464629900Z
6282304.7a8: ChangeTime: 2016-06-16T01:30:16.944562000Z
6292304.7a8: FileAttributes: 0x20
6302304.7a8: Size: 0x1bc248
6312304.7a8: NT Headers: 0xe0
6322304.7a8: Timestamp: 0x571af2eb
6332304.7a8: Machine: 0x8664 - amd64
6342304.7a8: Timestamp: 0x571af2eb
6352304.7a8: Image Version: 10.0
6362304.7a8: SizeOfImage: 0x1c1000 (1839104)
6372304.7a8: Resource Dir: 0x159000 LB 0x66218
6382304.7a8: ProductName: Microsoft® Windows® Operating System
6392304.7a8: ProductVersion: 10.0.10586.306
6402304.7a8: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
6412304.7a8: FileDescription: NT Layer DLL
6422304.7a8: \SystemRoot\System32\kernel32.dll:
6432304.7a8: CreationTime: 2016-12-05T09:54:47.900956900Z
6442304.7a8: LastWriteTime: 2016-09-07T05:39:18.648308100Z
6452304.7a8: ChangeTime: 2016-12-20T09:57:22.962423400Z
6462304.7a8: FileAttributes: 0x20
6472304.7a8: Size: 0xac428
6482304.7a8: NT Headers: 0xf0
6492304.7a8: Timestamp: 0x57cf97d5
6502304.7a8: Machine: 0x8664 - amd64
6512304.7a8: Timestamp: 0x57cf97d5
6522304.7a8: Image Version: 10.0
6532304.7a8: SizeOfImage: 0xad000 (708608)
6542304.7a8: Resource Dir: 0xab000 LB 0x528
6552304.7a8: ProductName: Microsoft® Windows® Operating System
6562304.7a8: ProductVersion: 10.0.10586.589
6572304.7a8: FileVersion: 10.0.10586.589 (th2_release.160906-1759)
6582304.7a8: FileDescription: Windows NT BASE API Client DLL
6592304.7a8: \SystemRoot\System32\KernelBase.dll:
6602304.7a8: CreationTime: 2016-12-05T09:53:46.179332900Z
6612304.7a8: LastWriteTime: 2016-09-07T05:39:29.471401400Z
6622304.7a8: ChangeTime: 2016-12-20T09:57:28.650160300Z
6632304.7a8: FileAttributes: 0x20
6642304.7a8: Size: 0x1e7c08
6652304.7a8: NT Headers: 0xf0
6662304.7a8: Timestamp: 0x57cf948c
6672304.7a8: Machine: 0x8664 - amd64
6682304.7a8: Timestamp: 0x57cf948c
6692304.7a8: Image Version: 10.0
6702304.7a8: SizeOfImage: 0x1e8000 (1998848)
6712304.7a8: Resource Dir: 0x1d1000 LB 0x540
6722304.7a8: ProductName: Microsoft® Windows® Operating System
6732304.7a8: ProductVersion: 10.0.10586.589
6742304.7a8: FileVersion: 10.0.10586.589 (th2_release.160906-1759)
6752304.7a8: FileDescription: Windows NT BASE API Client DLL
6762304.7a8: \SystemRoot\System32\apisetschema.dll:
6772304.7a8: CreationTime: 2015-10-30T07:17:57.502957900Z
6782304.7a8: LastWriteTime: 2015-10-30T07:17:57.502957900Z
6792304.7a8: ChangeTime: 2016-05-16T22:30:45.978904000Z
6802304.7a8: FileAttributes: 0x20
6812304.7a8: Size: 0x16d60
6822304.7a8: NT Headers: 0xc8
6832304.7a8: Timestamp: 0x5632d94c
6842304.7a8: Machine: 0x8664 - amd64
6852304.7a8: Timestamp: 0x5632d94c
6862304.7a8: Image Version: 10.0
6872304.7a8: SizeOfImage: 0x18000 (98304)
6882304.7a8: Resource Dir: 0x17000 LB 0x400
6892304.7a8: ProductName: Microsoft® Windows® Operating System
6902304.7a8: ProductVersion: 10.0.10586.0
6912304.7a8: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
6922304.7a8: FileDescription: ApiSet Schema DLL
6932304.7a8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6942304.7a8: supR3HardenedWinFindAdversaries: 0x83
6952304.7a8: \SystemRoot\System32\drivers\SysPlant.sys:
6962304.7a8: CreationTime: 2015-12-02T15:13:08.693783300Z
6972304.7a8: LastWriteTime: 2016-09-05T01:29:21.296931500Z
6982304.7a8: ChangeTime: 2016-09-05T01:29:21.296931500Z
6992304.7a8: FileAttributes: 0x20
7002304.7a8: Size: 0x2b9a8
7012304.7a8: NT Headers: 0x100
7022304.7a8: Timestamp: 0x576a282d
7032304.7a8: Machine: 0x8664 - amd64
7042304.7a8: Timestamp: 0x576a282d
7052304.7a8: Image Version: 5.0
7062304.7a8: SizeOfImage: 0x30000 (196608)
7072304.7a8: Resource Dir: 0x2e000 LB 0x498
7082304.7a8: ProductName: Symantec CMC Firewall
7092304.7a8: ProductVersion: 12.1.7004.6500
7102304.7a8: FileVersion: 12.1.7004.6500
7112304.7a8: FileDescription: Symantec CMC Firewall SysPlant
7122304.7a8: \SystemRoot\System32\sysfer.dll:
7132304.7a8: CreationTime: 2015-12-02T15:13:08.693783300Z
7142304.7a8: LastWriteTime: 2016-09-05T01:29:21.296931500Z
7152304.7a8: ChangeTime: 2016-09-05T01:29:21.296931500Z
7162304.7a8: FileAttributes: 0x20
7172304.7a8: Size: 0x73728
7182304.7a8: NT Headers: 0xf0
7192304.7a8: Timestamp: 0x576a2837
7202304.7a8: Machine: 0x8664 - amd64
7212304.7a8: Timestamp: 0x576a2837
7222304.7a8: Image Version: 0.0
7232304.7a8: SizeOfImage: 0x89000 (561152)
7242304.7a8: Resource Dir: 0x87000 LB 0x630
7252304.7a8: ProductName: Symantec CMC Firewall
7262304.7a8: ProductVersion: 12.1.7004.6500
7272304.7a8: FileVersion: 12.1.7004.6500
7282304.7a8: FileDescription: Symantec CMC Firewall sysfer
7292304.7a8: \SystemRoot\System32\drivers\symevent64x86.sys:
7302304.7a8: CreationTime: 2015-12-02T15:14:38.017425000Z
7312304.7a8: LastWriteTime: 2015-12-02T15:14:37.748585400Z
7322304.7a8: ChangeTime: 2016-05-16T22:31:32.083408600Z
7332304.7a8: FileAttributes: 0x20
7342304.7a8: Size: 0x2b8d8
7352304.7a8: NT Headers: 0xe8
7362304.7a8: Timestamp: 0x54b87d44
7372304.7a8: Machine: 0x8664 - amd64
7382304.7a8: Timestamp: 0x54b87d44
7392304.7a8: Image Version: 6.0
7402304.7a8: SizeOfImage: 0x38000 (229376)
7412304.7a8: Resource Dir: 0x36000 LB 0x3c8
7422304.7a8: ProductName: SYMEVENT
7432304.7a8: ProductVersion: 12.9.6.12
7442304.7a8: FileVersion: 12.9.6.12
7452304.7a8: FileDescription: Symantec Event Library
7462304.7a8: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
7472304.7a8: CreationTime: 2016-07-15T02:53:45.432827500Z
7482304.7a8: LastWriteTime: 2016-07-15T02:53:45.434857700Z
7492304.7a8: ChangeTime: 2016-07-15T02:53:45.434857700Z
7502304.7a8: FileAttributes: 0x20
7512304.7a8: Size: 0x2eed8
7522304.7a8: NT Headers: 0xe0
7532304.7a8: Timestamp: 0x55b855d9
7542304.7a8: Machine: 0x8664 - amd64
7552304.7a8: Timestamp: 0x55b855d9
7562304.7a8: Image Version: 6.1
7572304.7a8: SizeOfImage: 0x33000 (208896)
7582304.7a8: Resource Dir: 0x31000 LB 0x3b8
7592304.7a8: ProductName: Malwarebytes Anti-Malware
7602304.7a8: ProductVersion: 0.3.0.0
7612304.7a8: FileVersion: 0.3.0.0
7622304.7a8: FileDescription: Malwarebytes Anti-Malware
7632304.7a8: \SystemRoot\System32\drivers\mbam.sys:
7642304.7a8: CreationTime: 2016-07-14T01:28:19.482174200Z
7652304.7a8: LastWriteTime: 2015-10-22T13:43:18.000000000Z
7662304.7a8: ChangeTime: 2016-07-14T01:28:19.498772900Z
7672304.7a8: FileAttributes: 0x20
7682304.7a8: Size: 0x64d8
7692304.7a8: NT Headers: 0xf8
7702304.7a8: Timestamp: 0x5629a385
7712304.7a8: Machine: 0x8664 - amd64
7722304.7a8: Timestamp: 0x5629a385
7732304.7a8: Image Version: 6.1
7742304.7a8: SizeOfImage: 0xa000 (40960)
7752304.7a8: Resource Dir: 0x8000 LB 0x3e0
7762304.7a8: ProductName: Malwarebytes Anti-Malware
7772304.7a8: ProductVersion: 1.60.2.0000
7782304.7a8: FileVersion: 1.60.2.0000 built by: WinDDK
7792304.7a8: FileDescription: Malwarebytes Anti-Malware (MEE)
7802304.7a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7812304.7a8: Calling main()
7822304.7a8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7832304.7a8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7842304.7a8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7852304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7862304.7a8: SUPR3HardenedMain: Final process, opening VBoxDrv...
7872304.7a8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001060000 LB 0x400000)
7882304.7a8: supR3HardNtEnableThreadCreation:
7892304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
7902304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
7912304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7922304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7932304.7a8: supR3HardenedDllNotificationCallback: load 00007ffef91b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
7942304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7952304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7962304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7972304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef91b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7982304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7992304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8002304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef91b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8012304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef91b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8022304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8032304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
8042304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
8052304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
8062304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
8072304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
8082304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8092304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8102304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
8112304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8122304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8132304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8142304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8152304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
8162304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
8172304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
8182304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8192304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8202304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
8212304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
8222304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8232304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8242304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
8252304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
8262304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8272304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8282304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8292304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8302304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8312304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8322304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8332304.7a8: supR3HardenedDllNotificationCallback: load 00007fff053c0000 LB 0x0009d000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
8342304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8352304.7a8: supR3HardenedDllNotificationCallback: load 00007fff03cf0000 LB 0x00010000 C:\windows\system32\MSASN1.dll [fFlags=0x0]
8362304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8372304.7a8: supR3HardenedDllNotificationCallback: load 00007fff04020000 LB 0x001c8000 C:\windows\system32\CRYPT32.dll [fFlags=0x0]
8382304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8392304.7a8: supR3HardenedDllNotificationCallback: load 00007fff07400000 LB 0x0011c000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
8402304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8412304.7a8: supR3HardenedDllNotificationCallback: load 00007fff03fc0000 LB 0x00055000 C:\windows\system32\Wintrust.dll [fFlags=0x0]
8422304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8432304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\windows\system32\Wintrust.dll'
8442304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
8452304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
8462304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8472304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8482304.7a8: supR3HardenedDllNotificationCallback: load 00007fff038f0000 LB 0x00029000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
8492304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8502304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff038f0000 'C:\windows\system32\bcrypt.dll'
8512304.7a8: bcrypt.dll loaded at 00007fff038f0000, BCryptOpenAlgorithmProvider at 00007fff038f3b50, preloading providers:
8522304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
8532304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
8542304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8552304.7a8: supR3HardenedDllNotificationCallback: load 00007fff04860000 LB 0x0006a000 C:\windows\system32\bcryptprimitives.dll [fFlags=0x0]
8562304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8572304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04860000 'C:\windows\system32\bcryptprimitives.dll'
8582304.7a8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001599f70)
8592304.7a8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000159a630)
8602304.7a8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000159a900)
8612304.7a8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000159ac60)
8622304.7a8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000159b780)
8632304.7a8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000159ba90)
8642304.7a8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000159bda0)
8652304.7a8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000159c070)
8662304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8672304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8682304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
8692304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8702304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8712304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
8722304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8732304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8742304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
8752304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8762304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8772304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
8782304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8792304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8802304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
8812304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8822304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8832304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
8842304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8852304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8862304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
8872304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
8882304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
8892304.7a8: supR3HardenedDllNotificationCallback: load 00007fff036d0000 LB 0x00017000 C:\windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
8902304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8912304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
8922304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
8932304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
8942304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8952304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8962304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8972304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8982304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8992304.7a8: supR3HardenedDllNotificationCallback: load 00007fff03360000 LB 0x00034000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
9002304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9012304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
9022304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
9032304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
9042304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
9052304.7a8: supR3HardenedDllNotificationCallback: load 00007fff037f0000 LB 0x0000b000 C:\windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
9062304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9072304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9082304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
9092304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
9102304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9112304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9122304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04dc0000 'C:\windows\system32\kernel32.dll'
9132304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9142304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
9152304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9162304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9172304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\CRYPT32.dll'
9182304.7a8: supR3HardenedDllNotificationCallback: load 00007fff04ff0000 LB 0x0001c000 C:\windows\system32\imagehlp.dll [fFlags=0x0]
9192304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9202304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
9212304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
9222304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9232304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9242304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9252304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9262304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9272304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
9282304.7a8: supR3HardenedDllNotificationCallback: load 00007fff05460000 LB 0x0005b000 C:\windows\system32\sechost.dll [fFlags=0x0]
9292304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
9302304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
9312304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
9322304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9332304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
9342304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
9352304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
9362304.7a8: supR3HardenedDllNotificationCallback: load 00007fff02cf0000 LB 0x00024000 C:\windows\SYSTEM32\gpapi.dll [fFlags=0x0]
9372304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9382304.7a8: supR3HardenedDllNotificationCallback: load 00007fff03d10000 LB 0x00014000 C:\windows\system32\profapi.dll [fFlags=0x0]
9392304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
9402304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
9412304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9422304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
9432304.7a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
9442304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
9452304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9462304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9472304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9482304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9492304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9502304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9512304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9522304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9532304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9542304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9552304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9562304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9572304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9582304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9592304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9602304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9612304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9622304.7a8: supR3HardenedDllNotificationCallback: load 00007ffee5d20000 LB 0x0002f000 C:\windows\system32\cryptnet.dll [fFlags=0x0]
9632304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9642304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9652304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9662304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\windows\system32\cryptnet.dll'
9672304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9682304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9692304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\windows\system32\cryptnet.dll'
9702304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9712304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9722304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\windows\system32\cryptnet.dll'
9732304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9742304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9752304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\windows\system32\cryptnet.dll'
9762304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9772304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9782304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\windows\system32\cryptnet.dll'
9792304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9802304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9812304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\windows\system32\cryptnet.dll'
9822304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9832304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\windows\system32\cryptnet.dll'
9842304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9852304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\windows\system32\cryptnet.dll'
9862304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9872304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\windows\system32\cryptnet.dll'
9882304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9892304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\windows\system32\cryptnet.dll'
9902304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9912304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\windows\system32\cryptnet.dll'
9922304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\windows\system32\cryptnet.dll'
9932304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9942304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5d20000 'C:\Windows\System32\cryptnet.dll'
9952304.7a8: supR3HardenedDllNotificationCallback: load 00007fff04f40000 LB 0x000a7000 C:\windows\system32\advapi32.dll [fFlags=0x0]
9962304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9972304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
9982304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
9992304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
10002304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
10012304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10022304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10032304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10042304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10052304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
10062304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
10072304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
10082304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10092304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10102304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10112304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10122304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
10132304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10142304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10152304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
10162304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
10172304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000015e2150
10182304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
10192304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=056BDD821FDC5EB443883F1928BBEC403ED3FC46
10202304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10212304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10222304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff07400000 'C:\windows\system32\rpcrt4.dll'
10232304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10242304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
10252304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10262304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
10272304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10282304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
10292304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10302304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
10312304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10322304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
10332304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10342304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
10352304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10362304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10372304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\Windows\System32\WINTRUST.DLL'
10382304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10392304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10402304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
10412304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10422304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10432304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
10442304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2351_for_KB3185614~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\SystemRoot\System32\ntdll.dll'
10452304.7a8: g_pfnWinVerifyTrust=00007fff03fc74d0
10462304.7a8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
10472304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10482304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10492304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
10502304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10512304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10522304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
10532304.7a8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
10542304.7a8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
10552304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10562304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10572304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
10582304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
10592304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10602304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
10612304.7a8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
10622304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10632304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10642304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
10652304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
10662304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
10672304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
10682304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
10692304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
10702304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=357A4685FBBF5E8A1472AE56D4B122532A042630
10712304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10722304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
10732304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
10742304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
10752304.7a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10762304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
10772304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10782304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
10792304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
10802304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
10812304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10822304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
10832304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
10842304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
10852304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10862304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
10872304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
10882304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
10892304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10902304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
10912304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
10922304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
10932304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10942304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
10952304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
10962304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
10972304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10982304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
10992304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
11002304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11012304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
11022304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
11032304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
11042304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11052304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
11062304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
11072304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
11082304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
11092304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
11102304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
11112304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
11122304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
11132304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
11142304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
11152304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
11162304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
11172304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
11182304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
11192304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
11202304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
11212304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
11222304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
11232304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
11242304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
11252304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
11262304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
11272304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
11282304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
11292304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
11302304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
11312304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
11322304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
11332304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
11342304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11352304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x292d758d85f9d800 C=CN, O=OSCCA, CN=ROOTCA
11362304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
11372304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
11382304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x6cfe8a8d674bca10 O=Alibaba.com Corporation, OU=CA Center, CN=Alibaba.com Corporation Root CA
11392304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
11402304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x7d8c1a420e92e800 C=CN, O=Alipay.com Co.,Ltd, OU=www.alipay.com, CN=ALIPAY_ROOT
11412304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
11422304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11432304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xc14c7331681eb900 CN=LenovoRootCA
11442304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
11452304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
11462304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
11472304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
11482304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
11492304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11502304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
11512304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
11522304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
11532304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
11542304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
11552304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
11562304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
11572304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
11582304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
11592304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11602304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
11612304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
11622304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
11632304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
11642304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
11652304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
11662304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
11672304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
11682304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x7d2686ca075db300 C=CN, O=UniTrust, CN=UCA Root
11692304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
11702304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
11712304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
11722304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
11732304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
11742304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
11752304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
11762304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
11772304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
11782304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
11792304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
11802304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
11812304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
11822304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
11832304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
11842304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
11852304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
11862304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
11872304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xcb32740823b0cd9b CN=iipcmigration, L=EFS, OU=EFS File Encryption Certificate
11882304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0x4ad77ba35f0f9800 CN=LenovoSHA2ROOTCA
11892304.7a8: supR3HardenedWinIsDesiredRootCA: Adding 0xc14c7331681eb900 CN=LenovoRootCA
11902304.7a8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=56
11912304.7a8: SUPR3HardenedMain: Load Runtime...
11922304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
11932304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11942304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
11952304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
11962304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
11972304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
11982304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11992304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12002304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12012304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12022304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12032304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12042304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
12052304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
12062304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
12072304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
12082304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12092304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12102304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12112304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12122304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12132304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12142304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
12152304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12162304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
12172304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12182304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12192304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12202304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12212304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12222304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12232304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
12242304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
12252304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
12262304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
12272304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
12282304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12292304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
12302304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12312304.7a8: supR3HardenedDllNotificationCallback: load 000000006b350000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
12322304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
12332304.7a8: supR3HardenedDllNotificationCallback: load 000000006b430000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
12342304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12352304.7a8: supR3HardenedDllNotificationCallback: load 00007fff054c0000 LB 0x0006b000 C:\windows\system32\WS2_32.dll [fFlags=0x0]
12362304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12372304.7a8: supR3HardenedDllNotificationCallback: load 00007ffed2570000 LB 0x0052e000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
12382304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12392304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12402304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12412304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12422304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12432304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12442304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12452304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12462304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12472304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12482304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12492304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12502304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12512304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12522304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12532304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12542304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12552304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12562304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12572304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12582304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12592304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12602304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12612304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12622304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12632304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12642304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12652304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12662304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12672304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12682304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12692304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12702304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12712304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12722304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12732304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12742304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12752304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12762304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12772304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12782304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12792304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12802304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12812304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12822304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12832304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12842304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12852304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12862304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12872304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12882304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12892304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12902304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03fc0000 'C:\windows\system32\Wintrust.dll'
12912304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
12922304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
12932304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
12942304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
12952304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
12962304.7a8: SUPR3HardenedMain: Load TrustedMain...
12972304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
12982304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12992304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
13002304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
13012304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
13022304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
13032304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13042304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13052304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
13062304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
13072304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
13082304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
13092304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
13102304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
13112304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
13122304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
13132304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
13142304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
13152304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
13162304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
13172304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13182304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13192304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
13202304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
13212304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
13222304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
13232304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
13242304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
13252304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
13262304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13272304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13282304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13292304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13302304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
13312304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
13322304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
13332304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
13342304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13352304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13362304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
13372304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
13382304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
13392304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
13402304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13412304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
13422304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
13432304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13442304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13452304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
13462304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13472304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13482304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
13492304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
13502304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
13512304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
13522304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13532304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13542304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13552304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
13562304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
13572304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13582304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
13592304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
13602304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
13612304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
13622304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13632304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13642304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13652304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13662304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
13672304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13682304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13692304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
13702304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13712304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
13722304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'bcryptprimitives.dll'.
13732304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
13742304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
13752304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13762304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13772304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
13782304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
13792304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
13802304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13812304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13822304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13832304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13842304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
13852304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
13862304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13872304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
13882304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13892304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
13902304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
13912304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
13922304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
13932304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
13942304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
13952304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13962304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13972304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13982304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13992304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
14002304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14012304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14022304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14032304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14042304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14052304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14062304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14072304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14082304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14092304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14102304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
14112304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
14122304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14132304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #65 'user32.dll'.
14142304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'gdi32.dll'.
14152304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
14162304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
14172304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14182304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14192304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14202304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14212304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14222304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
14232304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14242304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14252304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14262304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14272304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14282304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14292304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14302304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14312304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
14322304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
14332304.7a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
14342304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
14352304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
14362304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
14372304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
14382304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
14392304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
14402304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
14412304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
14422304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14432304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
14442304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
14452304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14462304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14472304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14482304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14492304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14502304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
14512304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14522304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
14532304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
14542304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
14552304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
14562304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
14572304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
14582304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
14592304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
14602304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14612304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14622304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14632304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
14642304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
14652304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14662304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14672304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14682304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
14692304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14702304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14712304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
14722304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14732304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
14742304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14752304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
14762304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14772304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14782304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14792304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14802304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14812304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14822304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14832304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
14842304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14852304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14862304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14872304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14882304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14892304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14902304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14912304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14922304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14932304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14942304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14952304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14962304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14972304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14982304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14992304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
15002304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15012304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15022304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
15032304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15042304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15052304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15062304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15072304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15082304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15092304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15102304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15112304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15122304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15132304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15142304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
15152304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15162304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15172304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
15182304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15192304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15202304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15212304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15222304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15232304.7a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
15242304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15252304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
15262304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
15272304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
15282304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
15292304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
15302304.7a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
15312304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
15322304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15332304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15342304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15352304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15362304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15372304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15382304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15392304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15402304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15412304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
15422304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
15432304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
15442304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
15452304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
15462304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15472304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15482304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15492304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15502304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15512304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15522304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15532304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15542304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15552304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15562304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15572304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
15582304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15592304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15602304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
15612304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15622304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15632304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
15642304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
15652304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
15662304.7a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
15672304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15682304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
15692304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
15702304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'.
15712304.7a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
15722304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
15732304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
15742304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
15752304.7a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
15762304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15772304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
15782304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15792304.7a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
15802304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
15812304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15822304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15832304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15842304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15852304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15862304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15872304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15882304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15892304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15902304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15912304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15922304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15932304.7a8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
15942304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15952304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15962304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
15972304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
15982304.7a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
15992304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16002304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
16012304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
16022304.7a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
16032304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
16042304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16052304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16062304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16072304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16082304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16092304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16102304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16112304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16122304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16132304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16142304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16152304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16162304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16172304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16182304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
16192304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
16202304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
16212304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
16222304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
16232304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
16242304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
16252304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
16262304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
16272304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
16282304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
16292304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
16302304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16312304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16322304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
16332304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16342304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16352304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
16362304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
16372304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
16382304.7a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
16392304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16402304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
16412304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
16422304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
16432304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
16442304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
16452304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'firewallapi.dll'.
16462304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'netapi32.dll'.
16472304.7a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
16482304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
16492304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
16502304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
16512304.7a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
16522304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16532304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
16542304.7a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
16552304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
16562304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16572304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16582304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
16592304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16602304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16612304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
16622304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16632304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16642304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
16652304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16662304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16672304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16682304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16692304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16702304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
16712304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
16722304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
16732304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16742304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16752304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
16762304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
16772304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\netapi32.dll'.
16782304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16792304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netapi32.dll)
16802304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netapi32.dll
16812304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'firewallapi.dll'...
16822304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'firewallapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\firewallapi.dll' [rcNtRedir=0xc0150008]
16832304.7a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll'.
16842304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16852304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
16862304.7a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll)
16872304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll
16882304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16892304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16902304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16912304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
16922304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
16932304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
16942304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
16952304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16962304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
16972304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
16982304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
16992304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17002304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17012304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17022304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
17032304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
17042304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
17052304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17062304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
17072304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
17082304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
17092304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
17102304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17112304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17122304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17132304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17142304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17152304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17162304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17172304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17182304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17192304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17202304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17212304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17222304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17232304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17242304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17252304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17262304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17272304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17282304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17292304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17302304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17312304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17322304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17332304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17342304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17352304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
17362304.7a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
17372304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17382304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17392304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
17402304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
17412304.7a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
17422304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17432304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17442304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
17452304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
17462304.7a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
17472304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17482304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17492304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
17502304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
17512304.7a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
17522304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17532304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17542304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17552304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17562304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17572304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17582304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17592304.7a8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
17602304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000410 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
17612304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
17622304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
17632304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A59A12801C3E68C49056D7AF56FE4F31F6CB06E1
17642304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
17652304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
17662304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
17672304.7a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17682304.7a8: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
17692304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
17702304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
17712304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17722304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17732304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17742304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
17752304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
17762304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
17772304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17782304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
17792304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
17802304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
17812304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
17822304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
17832304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17842304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17852304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll)
17862304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll
17872304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
17882304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
17892304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17902304.7a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\davhlpr.dll)
17912304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\davhlpr.dll
17922304.7a8: supR3HardenedDllNotificationCallback: load 00007fff04ad0000 LB 0x00156000 C:\windows\system32\USER32.dll [fFlags=0x0]
17932304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
17942304.7a8: supR3HardenedDllNotificationCallback: load 00007fff04c30000 LB 0x00186000 C:\windows\system32\GDI32.dll [fFlags=0x0]
17952304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
17962304.7a8: supR3HardenedDllNotificationCallback: load 00007ffee5470000 LB 0x00008000 C:\windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
17972304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
17982304.7a8: supR3HardenedDllNotificationCallback: load 00007ffee5050000 LB 0x000fa000 C:\windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
17992304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
18002304.7a8: supR3HardenedDllNotificationCallback: load 00007ffee56a0000 LB 0x0002e000 C:\windows\SYSTEM32\GLU32.dll [fFlags=0x0]
18012304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
18022304.7a8: supR3HardenedDllNotificationCallback: load 00007ffee5150000 LB 0x00129000 C:\windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
18032304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18042304.7a8: supR3HardenedDllNotificationCallback: load 00007fff03f70000 LB 0x00043000 C:\windows\system32\cfgmgr32.dll [fFlags=0x0]
18052304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
18062304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18072304.7a8: supR3HardenedDllNotificationCallback: load 00007fff05090000 LB 0x0027d000 C:\windows\system32\combase.dll [fFlags=0x0]
18082304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
18092304.7a8: supR3HardenedDllNotificationCallback: load 00007fff073a0000 LB 0x00052000 C:\windows\system32\shlwapi.dll [fFlags=0x0]
18102304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
18112304.7a8: supR3HardenedDllNotificationCallback: load 00007fff03d00000 LB 0x0000f000 C:\windows\system32\kernel.appcore.dll [fFlags=0x0]
18122304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
18132304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
18142304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
18152304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
18162304.7a8: supR3HardenedDllNotificationCallback: load 00007fff048d0000 LB 0x000b5000 C:\windows\system32\shcore.dll [fFlags=0x0]
18172304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18182304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
18192304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
18202304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
18212304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
18222304.7a8: supR3HardenedDllNotificationCallback: load 00007fff03d30000 LB 0x0004b000 C:\windows\system32\powrprof.dll [fFlags=0x0]
18232304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18242304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
18252304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
18262304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
18272304.7a8: supR3HardenedDllNotificationCallback: load 00007fff041f0000 LB 0x00645000 C:\windows\system32\windows.storage.dll [fFlags=0x0]
18282304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18292304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
18302304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'combase.dll'.
18312304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'.
18322304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
18332304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
18342304.7a8: supR3HardenedDllNotificationCallback: load 00007fff05e30000 LB 0x0155c000 C:\windows\system32\SHELL32.dll [fFlags=0x0]
18352304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18362304.7a8: supR3HardenedDllNotificationCallback: load 00007fff05740000 LB 0x00143000 C:\windows\system32\ole32.dll [fFlags=0x0]
18372304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18382304.7a8: supR3HardenedDllNotificationCallback: load 00007ffeee1a0000 LB 0x0001b000 C:\windows\SYSTEM32\MPR.dll [fFlags=0x0]
18392304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
18402304.7a8: supR3HardenedDllNotificationCallback: load 000000006ad80000 LB 0x00566000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
18412304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18422304.7a8: supR3HardenedDllNotificationCallback: load 00007ffed1680000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
18432304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18442304.7a8: supR3HardenedDllNotificationCallback: load 000000006a810000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
18452304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
18462304.7a8: supR3HardenedDllNotificationCallback: load 00007ffeff500000 LB 0x00084000 C:\windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
18472304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
18482304.7a8: supR3HardenedDllNotificationCallback: load 00007ffed9e60000 LB 0x000aa000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\COMCTL32.dll [fFlags=0x0]
18492304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll [avoiding WinVerifyTrust]
18502304.7a8: supR3HardenedDllNotificationCallback: load 00007fff04990000 LB 0x00086000 C:\windows\system32\FirewallAPI.dll [fFlags=0x0]
18512304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll [avoiding WinVerifyTrust]
18522304.7a8: supR3HardenedDllNotificationCallback: load 00007fff04840000 LB 0x00017000 C:\windows\system32\NETAPI32.dll [fFlags=0x0]
18532304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
18542304.7a8: supR3HardenedDllNotificationCallback: load 00007ffeee690000 LB 0x0000c000 C:\windows\SYSTEM32\DAVHLPR.DLL [fFlags=0x0]
18552304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\davhlpr.dll [avoiding WinVerifyTrust]
18562304.7a8: supR3HardenedDllNotificationCallback: load 00007fff075c0000 LB 0x0010b000 C:\windows\system32\COMDLG32.dll [fFlags=0x0]
18572304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
18582304.7a8: supR3HardenedDllNotificationCallback: load 00007ffee2900000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
18592304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
18602304.7a8: supR3HardenedDllNotificationCallback: load 000000006b2f0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
18612304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
18622304.7a8: supR3HardenedDllNotificationCallback: load 00007fff04e70000 LB 0x000c6000 C:\windows\system32\OLEAUT32.dll [fFlags=0x0]
18632304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18642304.7a8: supR3HardenedDllNotificationCallback: load 00007fff02440000 LB 0x0002c000 C:\windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
18652304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
18662304.7a8: supR3HardenedDllNotificationCallback: load 00007fff024a0000 LB 0x00023000 C:\windows\SYSTEM32\WINMM.dll [fFlags=0x0]
18672304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18682304.7a8: supR3HardenedDllNotificationCallback: load 00007ffed1c80000 LB 0x008e6000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
18692304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
18702304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
18712304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
18722304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
18732304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
18742304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
18752304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
18762304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
18772304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
18782304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
18792304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
18802304.7a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\davhlpr.dll'.
18812304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\davhlpr.dll' [rescheduled]
18822304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll'.
18832304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll' [rescheduled]
18842304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
18852304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
18862304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
18872304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
18882304.7a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll'.
18892304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll' [rescheduled]
18902304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\netapi32.dll'.
18912304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rescheduled]
18922304.7a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
18932304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
18942304.7a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
18952304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
18962304.7a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
18972304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rescheduled]
18982304.7a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
18992304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
19002304.7a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
19012304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rescheduled]
19022304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
19032304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
19042304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
19052304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
19062304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
19072304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
19082304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
19092304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
19102304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
19112304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
19122304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
19132304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
19142304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19152304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19162304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
19172304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
19182304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
19192304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19202304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19212304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
19222304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
19232304.7a8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
19242304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19252304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19262304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19272304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19282304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19292304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19302304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19312304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19322304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19332304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19342304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
19352304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
19362304.7a8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
19372304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19382304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19392304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19402304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19412304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19422304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19432304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19442304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19452304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19462304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19472304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19482304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19492304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19502304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19512304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
19522304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
19532304.7a8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
19542304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19552304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19562304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19572304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19582304.7a8: supR3HardenedDllNotificationCallback: load 00007fff07580000 LB 0x0003b000 C:\windows\system32\IMM32.DLL [fFlags=0x0]
19592304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
19602304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff07580000 'C:\windows\system32\IMM32.DLL'
19612304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
19622304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
19632304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
19642304.7a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
19652304.7a8: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
19662304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19672304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff07580000 'C:\windows\system32\imm32.dll'
19682304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19692304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
19702304.7a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\fwbase.dll)
19712304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\fwbase.dll
19722304.7a8: supR3HardenedDllNotificationCallback: load 00007fff02a70000 LB 0x00032000 C:\windows\SYSTEM32\fwbase.dll [fFlags=0x0]
19732304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\fwbase.dll [avoiding WinVerifyTrust]
19742304.7a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\fwbase.dll'.
19752304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\fwbase.dll' [rescheduled]
19762304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19772304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19782304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19792304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
19802304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19812304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19822304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19832304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04f40000 'C:\windows\system32\ADVAPI32.DLL'
19842304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1c80000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
19852304.7a8: SUPR3HardenedMain: Calling TrustedMain (00007ffed1c81610)...
19862304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
19872304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
19882304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
19892304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
19902304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
19912304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
19922304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
19932304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
19942304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
19952304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
19962304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
19972304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
19982304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
19992304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20002304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20012304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20022304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20032304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20042304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20052304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20062304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20072304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20082304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20092304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20102304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
20112304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20122304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20132304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20142304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20152304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20162304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20172304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
20182304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
20192304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
20202304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
20212304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
20222304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
20232304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
20242304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
20252304.7a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
20262304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20272304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20282304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20292304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20302304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20312304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20322304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20332304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
20342304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
20352304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
20362304.7a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
20372304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20382304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20392304.7a8: supR3HardenedDllNotificationCallback: load 00007ffed5df0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
20402304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20412304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed5df0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
20422304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000620 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20432304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
20442304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
20452304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4F9BD6CD3F872DBBFCD5F712A95134C3D7F47679
20462304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
20472304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
20482304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
20492304.7a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20502304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20512304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
20522304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
20532304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
20542304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20552304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20562304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20572304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20582304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20592304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20602304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20612304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20622304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20632304.7a8: supR3HardenedDllNotificationCallback: load 00007fff02600000 LB 0x00096000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
20642304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20652304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02600000 'C:\windows\system32\uxtheme.dll'
20662304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04ad0000 'C:\windows\system32\user32.dll'
20672304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20682304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20692304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05e30000 'C:\windows\system32\shell32.dll'
20702304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
20712304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
20722304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
20732304.7a8: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
20742304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20752304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff048d0000 'C:\windows\system32\SHCore.dll'
20762304.7a8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
20772304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20782304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\windows\system32\wintab32.dll'
20792304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04ad0000 'C:\windows\system32\user32.dll'
20802304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20812304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
20822304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
20832304.7a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
20842304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
20852304.7a8: supR3HardenedDllNotificationCallback: load 00007fff016c0000 LB 0x00022000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
20862304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
20872304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000668 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
20882304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
20892304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
20902304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8900DBF59D51D3F67CECDDA4ED1690DFAAE4945
20912304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20922304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20932304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
20942304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20952304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20962304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20972304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20982304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
20992304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
21002304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Composition-Core-windows-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
21012304.7a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21022304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
21032304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21042304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21052304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
21062304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21072304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21082304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
21092304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21102304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21112304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05e30000 'C:\windows\system32\shell32.dll'
21122304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21132304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21142304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02600000 'C:\windows\system32\uxtheme.dll'
21152304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
21162304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21172304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04f40000 'C:\windows\system32\advapi32.dll'
21182304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
21192304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
21202304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21212304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
21222304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
21232304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
21242304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
21252304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
21262304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
21272304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
21282304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21292304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21302304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21312304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21322304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21332304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
21342304.7a8: supR3HardenedDllNotificationCallback: load 00007fff034b0000 LB 0x0001f000 C:\windows\system32\userenv.dll [fFlags=0x0]
21352304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
21362304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff034b0000 'C:\windows\system32\userenv.dll'
21372304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
21382304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21392304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04dc0000 'C:\windows\system32\kernel32.dll'
21402304.7a8: supR3HardenedDllNotificationCallback: load 00007fff05310000 LB 0x000a7000 C:\windows\system32\clbcatq.dll [fFlags=0x0]
21412304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21422304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
21432304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
21442304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
21452304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21462304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21472304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21482304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21492304.5a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
21502304.5a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
21512304.5a9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
21522304.5a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
21532304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21542304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
21552304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21562304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
21572304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
21582304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
21592304.5a9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
21602304.5a9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
21612304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21622304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21632304.5a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21642304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21652304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21662304.5a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21672304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21682304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21692304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21702304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21712304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21722304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21732304.5a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
21742304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21752304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21762304.5a9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21772304.5a9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
21782304.5a9c: supR3HardenedDllNotificationCallback: load 00007ffed1180000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
21792304.5a9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
21802304.5a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1180000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
21812304.5a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
21822304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21832304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21842304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
21852304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
21862304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
21872304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
21882304.5a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
21892304.5a9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
21902304.5a9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21912304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21922304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21932304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21942304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21952304.5a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21962304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21972304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21982304.5a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21992304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22002304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22012304.5a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
22022304.5a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
22032304.5a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
22042304.5a9c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
22052304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22062304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22072304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22082304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22092304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22102304.5a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22112304.5a9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22122304.5a9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22132304.5a9c: supR3HardenedDllNotificationCallback: load 00007ffede090000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
22142304.5a9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22152304.5a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffede090000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
22162304.5a9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22172304.5a9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22182304.5a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04e70000 'C:\Windows\System32\oleaut32.dll'
22192304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04c30000 'C:\windows\system32\gdi32.dll'
22202304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22212304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22222304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05e30000 'C:\windows\system32\shell32.dll'
22232304.7a8: supR3HardenedDllNotificationCallback: load 00007fff058a0000 LB 0x0015a000 C:\windows\system32\MSCTF.dll [fFlags=0x0]
22242304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22252304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
22262304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
22272304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
22282304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
22292304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
22302304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
22312304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
22322304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
22332304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22342304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22352304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22362304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22372304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22382304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22392304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
22402304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
22412304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
22422304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
22432304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009e0 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
22442304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
22452304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
22462304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=75640CA57CB5630DA16BB2F35FAEDB2EAB5C3525
22472304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
22482304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
22492304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
22502304.7a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22512304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22522304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
22532304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
22542304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
22552304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
22562304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
22572304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
22582304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
22592304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
22602304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
22612304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
22622304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22632304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
22642304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
22652304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
22662304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
22672304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22682304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22692304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
22702304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
22712304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22722304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
22732304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
22742304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
22752304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22762304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22772304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
22782304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
22792304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
22802304.7a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
22812304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22822304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
22832304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
22842304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
22852304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22862304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22872304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22882304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22892304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22902304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22912304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
22922304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
22932304.7a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
22942304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
22952304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
22962304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
22972304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22982304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22992304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23002304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
23012304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
23022304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
23032304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
23042304.7a8: supR3HardenedDllNotificationCallback: load 00007fff012f0000 LB 0x000a2000 C:\windows\system32\dxgi.dll [fFlags=0x0]
23052304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
23062304.7a8: supR3HardenedDllNotificationCallback: load 00007fff013c0000 LB 0x002a8000 C:\windows\system32\d3d11.dll [fFlags=0x0]
23072304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
23082304.7a8: supR3HardenedDllNotificationCallback: load 00007fff01e00000 LB 0x000e3000 C:\windows\system32\dcomp.dll [fFlags=0x0]
23092304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
23102304.7a8: supR3HardenedDllNotificationCallback: load 00007ffee5390000 LB 0x0004a000 C:\windows\system32\dataexchange.dll [fFlags=0x0]
23112304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
23122304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5390000 'C:\windows\system32\dataexchange.dll'
23132304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
23142304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
23152304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
23162304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23172304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
23182304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
23192304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
23202304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
23212304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
23222304.7a8: supR3HardenedDllNotificationCallback: load 00007fff02810000 LB 0x00100000 C:\windows\system32\twinapi.appcore.dll [fFlags=0x0]
23232304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
23242304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23252304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23262304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
23272304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23282304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23292304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
23302304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
23312304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
23322304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23332304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23342304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
23352304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
23362304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
23372304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
23382304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
23392304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff058a0000 'C:\windows\system32\MSCTF.dll'
23402304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05e30000 'C:\windows\system32\shell32.dll'
23412304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05e30000 'C:\windows\system32\shell32.dll'
23422304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23432304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23442304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05740000 'C:\windows\system32\ole32.dll'
23452304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23462304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23472304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04e70000 'C:\windows\system32\OLEAUT32.dll'
23482304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a80 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
23492304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
23502304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
23512304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3488B506C76AED41BC3048EF4C38C6A11D8B3CC4
23522304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
23532304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
23542304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
23552304.7a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23562304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23572304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
23582304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
23592304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
23602304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
23612304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
23622304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
23632304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a90 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
23642304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
23652304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
23662304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF99491981CA0032BDB78678E786963DF0E4B99C
23672304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
23682304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23692304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
23702304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
23712304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1263_for_KB3185614~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
23722304.7a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23732304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23742304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
23752304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
23762304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
23772304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
23782304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23792304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23802304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
23812304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23822304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23832304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23842304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23852304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
23862304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
23872304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
23882304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
23892304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23902304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23912304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23922304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
23932304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
23942304.7a8: supR3HardenedDllNotificationCallback: load 00007fff001e0000 LB 0x0007f000 C:\windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
23952304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
23962304.7a8: supR3HardenedDllNotificationCallback: load 00007fff00260000 LB 0x00011000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
23972304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
23982304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
23992304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03d80000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
24002304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff00260000 'C:\windows\system32\wbem\wbemprox.dll'
24012304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24022304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
24032304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
24042304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9CE21DDF09B1BCCF1977CBD665E28F9BA3B97D79
24052304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
24062304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
24072304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
24082304.7a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24092304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24102304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
24112304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
24122304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24132304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24142304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24152304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24162304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24172304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24182304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24192304.7a8: supR3HardenedDllNotificationCallback: load 00007ffefd360000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
24202304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24212304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefd360000 'C:\windows\system32\wbem\wbemsvc.dll'
24222304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24232304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03d80000 'api-ms-win-core-localization-l1-2-0.dll'
24242304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24252304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03d80000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
24262304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
24272304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
24282304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
24292304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFD9E9630890EA6E6C472D5579966609C56F9EFD
24302304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
24312304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
24322304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
24332304.7a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24342304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24352304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
24362304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
24372304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
24382304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
24392304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
24402304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
24412304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24422304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24432304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24442304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
24452304.7a8: supR3HardenedDllNotificationCallback: load 00007ffefb430000 LB 0x000f6000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
24462304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
24472304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb430000 'C:\windows\system32\wbem\fastprox.dll'
24482304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24492304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24502304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05740000 'C:\windows\system32\ole32.dll'
24512304.7a8: \Device\HarddiskVolume2\Windows\System32\SogouTSF.ime: Owner is administrators group.
24522304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
24532304.461c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
24542304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
24552304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
24562304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
24572304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
24582304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'imm32.dll'.
24592304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
24602304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msimg32.dll'.
24612304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'gdi32.dll'.
24622304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
24632304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SogouTSF.ime) WinVerifyTrust
24642304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SogouTSF.ime
24652304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
24662304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
24672304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24682304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24692304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msimg32.dll'...
24702304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msimg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msimg32.dll' [rcNtRedir=0xc0150008]
24712304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a5c pwszName=\Device\HarddiskVolume2\Windows\System32\msimg32.dll
24722304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
24732304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
24742304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EEF0D39C58CA72EE1B8F2974E1F9AD15EBEE0FD7
24752304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
24762304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
24772304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msimg32.dll'
24782304.7a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24792304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
24802304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msimg32.dll) WinVerifyTrust
24812304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msimg32.dll
24822304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
24832304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
24842304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24852304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24862304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
24872304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
24882304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24892304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
24902304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
24912304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
24922304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
24932304.461c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24942304.461c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
24952304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
24962304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24972304.461c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24982304.461c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
24992304.461c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25002304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25012304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25022304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
25032304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25042304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25052304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25062304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
25072304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25082304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
25092304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25102304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25112304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25122304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SogouTSF.ime (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25132304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SogouTSF.ime
25142304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
25152304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msimg32.dll
25162304.7a8: supR3HardenedDllNotificationCallback: load 00007ffef7d10000 LB 0x0000a000 C:\windows\system32\VERSION.dll [fFlags=0x0]
25172304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
25182304.7a8: supR3HardenedDllNotificationCallback: load 00007ffef85f0000 LB 0x00007000 C:\windows\system32\MSIMG32.dll [fFlags=0x0]
25192304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msimg32.dll
25202304.7a8: supR3HardenedDllNotificationCallback: load 00007ffeded00000 LB 0x001ea000 C:\windows\system32\SogouTSF.ime [fFlags=0x0]
25212304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SogouTSF.ime
25222304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeded00000 'C:\windows\system32\SogouTSF.ime'
25232304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04f40000 'C:\windows\system32\advapi32.dll'
25242304.461c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
25252304.7a8: \Device\HarddiskVolume2\Windows\System32\SogouPY.ime: Owner is administrators group.
25262304.461c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
25272304.461c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25282304.461c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
25292304.461c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
25302304.461c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
25312304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25322304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25332304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25342304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25352304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25362304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25372304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25382304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25392304.461c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25402304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25412304.461c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25422304.461c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25432304.461c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25442304.461c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
25452304.461c: supR3HardenedDllNotificationCallback: load 000000006a700000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
25462304.461c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
25472304.461c: supR3HardenedDllNotificationCallback: load 00007ffed49a0000 LB 0x0029f000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
25482304.461c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25492304.461c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed49a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
25502304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
25512304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
25522304.5e24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
25532304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msimg32.dll'.
25542304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
25552304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
25562304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
25572304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'imm32.dll'.
25582304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
25592304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleacc.dll'.
25602304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SogouPY.ime) WinVerifyTrust
25612304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SogouPY.ime
25622304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleacc.dll'...
25632304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleacc.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleacc.dll' [rcNtRedir=0xc0150008]
25642304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b54 pwszName=\Device\HarddiskVolume2\Windows\System32\oleacc.dll
25652304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
25662304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
25672304.5e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25682304.5e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25692304.5e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25702304.5e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
25712304.5e24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
25722304.5e24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25732304.5e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25742304.5e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25752304.5e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25762304.5e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25772304.5e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25782304.5e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25792304.5e24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25802304.5e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25812304.5e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25822304.5e24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25832304.5e24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25842304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=720DACE61EA60460DFCDBADACA904DFD4A193430
25852304.5e24: supR3HardenedDllNotificationCallback: load 00007ffef9d40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
25862304.5e24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25872304.5e24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef9d40000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
25882304.5e24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04ad0000 'C:\windows\system32\User32.dll'
25892304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
25902304.3a7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
25912304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
25922304.7a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2101_for_KB3185614~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleacc.dll'
25932304.7a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25942304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25952304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
25962304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'user32.dll'.
25972304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleacc.dll) WinVerifyTrust
25982304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleacc.dll
25992304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
26002304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
26012304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
26022304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
26032304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
26042304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
26052304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26062304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26072304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26082304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26092304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26102304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26112304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msimg32.dll'...
26122304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msimg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msimg32.dll' [rcNtRedir=0xc0150008]
26132304.7a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msimg32.dll
26142304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26152304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26162304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26172304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26182304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26192304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26202304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SogouPy.ime (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26212304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SogouPY.ime
26222304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleacc.dll
26232304.7a8: supR3HardenedDllNotificationCallback: load 00007ffef8280000 LB 0x0006a000 C:\windows\SYSTEM32\OLEACC.dll [fFlags=0x0]
26242304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleacc.dll
26252304.7a8: supR3HardenedDllNotificationCallback: load 00007ffedc9c0000 LB 0x008af000 C:\windows\system32\SogouPy.ime [fFlags=0x0]
26262304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SogouPY.ime
26272304.3a7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26282304.3a7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26292304.3a7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26302304.3a7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
26312304.3a7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
26322304.3a7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26332304.3a7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26342304.3a7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26352304.3a7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26362304.3a7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
26372304.3a7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26382304.3a7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26392304.3a7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26402304.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26412304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
26422304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
26432304.7a8: supR3HardenedDllNotificationCallback: load 00007fff03240000 LB 0x00031000 C:\windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
26442304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
26452304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedc9c0000 'C:\windows\system32\SogouPy.ime'
26462304.3a7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
26472304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26482304.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26492304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
26502304.3a7c: supR3HardenedDllNotificationCallback: load 00007ffef8ec0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
26512304.3a7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
26522304.3a7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef8ec0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
26532304.5dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
26542304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
26552304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
26562304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
26572304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\VERSION.dll (Input=VERSION.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26582304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef7d10000 'C:\windows\system32\VERSION.dll'
26592304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05e30000 'C:\windows\system32\SHELL32.dll'
26602304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04f40000 'C:\windows\system32\advapi32.dll'
26612304.5dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26622304.5dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26632304.5dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26642304.5dac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
26652304.5dac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26662304.5dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26672304.5dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26682304.5dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26692304.5dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26702304.5dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26712304.5dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26722304.5dac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26732304.5dac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26742304.5dac: supR3HardenedDllNotificationCallback: load 00007ffef8600000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
26752304.5dac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26762304.5dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef8600000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
26772304.7a8: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
26782304.7a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
26792304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
26802304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
26812304.5d40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c58 pwszName=\Device\HarddiskVolume2\Windows\System32\tzres.dll
26822304.5d40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
26832304.5d40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
26842304.5d40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97A9AAA41AAA9A3C41392C579FD1454246CD6A04
26852304.5d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
26862304.5d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
26872304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05740000 'C:\windows\system32\ole32.dll'
26882304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
26892304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26902304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff058a0000 'C:\windows\System32\msctf.dll'
26912304.7a8: \Device\HarddiskVolume2\Program Files (x86)\SogouInput\8.2.0.9094\Resource.dll: Owner is administrators group.
26922304.5d40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_613_for_KB3185614~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\tzres.dll'
26932304.5d40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26942304.5d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll'
26952304.5d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
26962304.7a8: '\Device\HarddiskVolume2\Program Files (x86)\SogouInput\8.2.0.9094\Resource.dll' has no imports
26972304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\SogouInput\8.2.0.9094\Resource.dll)
26982304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\SogouInput\8.2.0.9094\Resource.dll
26992304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\SogouInput\8.2.0.9094\Resource.dll [avoiding WinVerifyTrust]
27002304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
27012304.5764: \Device\HarddiskVolume2\Program Files (x86)\SogouInput\Components\PicFace\1.0.0.1630\PicFace64.dll: Owner is administrators group.
27022304.7a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files (x86)\SogouInput\8.2.0.9094\Resource.dll'
27032304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\SogouInput\8.2.0.9094\Resource.dll
27042304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\SogouInput\8.2.0.9094\Resource.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27052304.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\SogouInput\8.2.0.9094\Resource.dll
27062304.7a8: supR3HardenedDllNotificationCallback: load 00000000073a0000 LB 0x000dd000 C:\Program Files (x86)\SogouInput\8.2.0.9094\Resource.dll [fFlags=0x0]
27072304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\SogouInput\8.2.0.9094\Resource.dll
27082304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000073a0000 'C:\Program Files (x86)\SogouInput\8.2.0.9094\Resource.dll'
27092304.5764: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
27102304.5764: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
27112304.5764: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
27122304.5764: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
27132304.5764: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
27142304.5764: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
27152304.5764: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'version.dll'.
27162304.5764: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
27172304.5764: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msimg32.dll'.
27182304.5764: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleacc.dll'.
27192304.5764: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\SogouInput\Components\PicFace\1.0.0.1630\PicFace64.dll)
27202304.5764: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\SogouInput\Components\PicFace\1.0.0.1630\PicFace64.dll
27212304.5764: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\SogouInput\Components\PicFace\1.0.0.1630\PicFace64.dll [avoiding WinVerifyTrust]
27222304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleacc.dll'...
27232304.5d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27242304.5d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27252304.5d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27262304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleacc.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleacc.dll' [rcNtRedir=0xc0150008]
27272304.5d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
27282304.5764: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleacc.dll
27292304.5d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
27302304.5d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27312304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msimg32.dll'...
27322304.5d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27332304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: 'msimg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msimg32.dll' [rcNtRedir=0xc0150008]
27342304.5d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27352304.5764: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msimg32.dll
27362304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
27372304.5d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27382304.5d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27392304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
27402304.5764: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
27412304.5d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27422304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
27432304.5d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
27442304.5d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27452304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
27462304.5764: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
27472304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27482304.5d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
27492304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27502304.5764: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
27512304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27522304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27532304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
27542304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
27552304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27562304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
27572304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27582304.5d40: supR3HardenedDllNotificationCallback: load 00007ffef2d80000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
27592304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27602304.5d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
27612304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27622304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27632304.5d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2d80000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
27642304.5764: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27652304.5764: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
27662304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05e30000 'C:\windows\system32\Shell32.dll'
27672304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
27682304.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
27692304.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
27702304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\PSAPI.DLL (Input=PSAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27712304.7a8: supR3HardenedDllNotificationCallback: load 00007fff05080000 LB 0x00008000 C:\windows\system32\PSAPI.DLL [fFlags=0x0]
27722304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
27732304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05080000 'C:\windows\system32\PSAPI.DLL'
27742304.5764: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files (x86)\SogouInput\Components\PicFace\1.0.0.1630\PicFace64.dll'
27752304.5764: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\SogouInput\Components\PicFace\1.0.0.1630\PicFace64.dll
27762304.5764: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\SogouInput\Components\PicFace\1.0.0.1630\PicFace64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27772304.5764: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\SogouInput\Components\PicFace\1.0.0.1630\PicFace64.dll
27782304.5764: supR3HardenedDllNotificationCallback: load 00007ffedbe80000 LB 0x00236000 C:\Program Files (x86)\SogouInput\Components\PicFace\1.0.0.1630\PicFace64.dll [fFlags=0x0]
27792304.5764: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\SogouInput\Components\PicFace\1.0.0.1630\PicFace64.dll
27802304.5764: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
27812304.5764: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\advapi32.dll (Input=advapi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27822304.5764: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04f40000 'C:\windows\system32\advapi32.dll'
27832304.5764: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedbe80000 'C:\Program Files (x86)\SogouInput\Components\PicFace\1.0.0.1630\PicFace64.dll'
27842304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
27852304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
27862304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27872304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27882304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27892304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
27902304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
27912304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
27922304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
27932304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
27942304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
27952304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
27962304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
27972304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
27982304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
27992304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
28002304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
28012304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
28022304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
28032304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28042304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28052304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28062304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28072304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28082304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
28092304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28102304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28112304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
28122304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04e70000 'C:\windows\system32\OLEAUT32.dll'
28132304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04e70000 'C:\windows\system32\OLEAUT32.DLL'
28142304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
28152304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
28162304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
28172304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
28182304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
28192304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
28202304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28212304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28222304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
28232304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
28242304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
28252304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28262304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28272304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28282304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28292304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
28302304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
28312304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
28322304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
28332304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28342304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28352304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
28362304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28372304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
28382304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
28392304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28402304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28412304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28422304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28432304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
28442304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28452304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28462304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28472304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
28482304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
28492304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
28502304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28512304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28522304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28532304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28542304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28552304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28562304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28572304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28582304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28592304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28602304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28612304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28622304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
28632304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28642304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28652304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28662304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28672304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28682304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28692304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28702304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
28712304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28722304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28732304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28742304.5b6c: supR3HardenedDllNotificationCallback: load 00007fff05a00000 LB 0x00429000 C:\windows\system32\SETUPAPI.dll [fFlags=0x0]
28752304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
28762304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffed9100000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
28772304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28782304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffed90a0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
28792304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28802304.5b6c: supR3HardenedDllNotificationCallback: load 00007fff01190000 LB 0x00038000 C:\windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
28812304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28822304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffed07d0000 LB 0x009a7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
28832304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
28842304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed07d0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
28852304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
28862304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
28872304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28882304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1180000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
28892304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
28902304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28912304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28922304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed90a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
28932304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
28942304.5638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
28952304.5638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28962304.5638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28972304.5638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28982304.5638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
28992304.5638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29002304.5638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29012304.5638: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29022304.5638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29032304.5638: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29042304.5638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29052304.5638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29062304.5638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29072304.5638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29082304.5638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29092304.5638: supR3HardenedDllNotificationCallback: load 00007ffeef5b0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
29102304.5638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29112304.5638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef5b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
29122304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
29132304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29142304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff01190000 'C:\windows\system32\Iphlpapi.dll'
29152304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
29162304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
29172304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
29182304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
29192304.5b6c: supR3HardenedDllNotificationCallback: load 00007fff05890000 LB 0x00008000 C:\windows\system32\NSI.dll [fFlags=0x0]
29202304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
29212304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
29222304.5b6c: supR3HardenedDllNotificationCallback: load 00007fff008d0000 LB 0x0000b000 C:\windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
29232304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
29242304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
29252304.5b6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
29262304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
29272304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffeffc50000 LB 0x00016000 C:\windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
29282304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
29292304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
29302304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
29312304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
29322304.5b6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
29332304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
29342304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffeffb30000 LB 0x0001a000 C:\windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
29352304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
29362304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f50 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
29372304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
29382304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
29392304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C17F0303B168A289D4B3188BF6BBF7F16DC9DFC8
29402304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
29412304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
29422304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
29432304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29442304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29452304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
29462304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29472304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29482304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29492304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29502304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
29512304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
29522304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
29532304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29542304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29552304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
29562304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
29572304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_861_for_KB3185614~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
29582304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29592304.5b6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
29602304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f48 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
29612304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
29622304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
29632304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=682FFC7B3B2FF0DC22ECA63E16C9CB84D71361BF
29642304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
29652304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
29662304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29672304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
29682304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_861_for_KB3185614~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
29692304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29702304.5b6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
29712304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
29722304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
29732304.5b6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
29742304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
29752304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
29762304.5b6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
29772304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
29782304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
29792304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
29802304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
29812304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
29822304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
29832304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29842304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29852304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
29862304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29872304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29882304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29892304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
29902304.5b6c: supR3HardenedDllNotificationCallback: load 00007fff03620000 LB 0x0005c000 C:\windows\system32\mswsock.dll [fFlags=0x0]
29912304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
29922304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03620000 'C:\windows\system32\mswsock.dll'
29932304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001034 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
29942304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
29952304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
29962304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C46CF6D8C425A34B7EDE4E8FD0F2E4A8182CBB1
29972304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
29982304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
29992304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
30002304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30012304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30022304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'.
30032304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
30042304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'.
30052304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
30062304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
30072304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30082304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30092304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30102304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30112304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30122304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30132304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30142304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30152304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30162304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30172304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30182304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffeda060000 LB 0x0009c000 C:\windows\System32\dsound.dll [fFlags=0x0]
30192304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30202304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30212304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30222304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeda060000 'C:\windows\System32\dsound.dll'
30232304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeda060000 'C:\windows\System32\dsound.dll'
30242304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30252304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30262304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeda060000 'C:\windows\system32\dsound.dll'
30272304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
30282304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
30292304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30302304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
30312304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
30322304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
30332304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
30342304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30352304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
30362304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
30372304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
30382304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
30392304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30402304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
30412304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
30422304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
30432304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
30442304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
30452304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
30462304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30472304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30482304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30492304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30502304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30512304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30522304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
30532304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
30542304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30552304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
30562304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
30572304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
30582304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30592304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30602304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30612304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30622304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
30632304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
30642304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
30652304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
30662304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
30672304.5b6c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
30682304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30692304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30702304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30712304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30722304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
30732304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
30742304.5b6c: supR3HardenedDllNotificationCallback: load 00007fff02710000 LB 0x00027000 C:\windows\System32\DEVOBJ.dll [fFlags=0x0]
30752304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
30762304.5b6c: supR3HardenedDllNotificationCallback: load 00007fff00b50000 LB 0x00186000 C:\windows\System32\PROPSYS.dll [fFlags=0x0]
30772304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
30782304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffefeed0000 LB 0x00070000 C:\windows\System32\MMDevApi.dll [fFlags=0x0]
30792304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30802304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefeed0000 'C:\windows\System32\MMDevApi.dll'
30812304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30822304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30832304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefeed0000 'C:\windows\system32\MMDEVAPI.DLL'
30842304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30852304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30862304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
30872304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001044 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
30882304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
30892304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
30902304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0E241BE9D4F52A26C9ED7BD86312051FE44DA417
30912304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
30922304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
30932304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
30942304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30952304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30962304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
30972304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
30982304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'.
30992304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'.
31002304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'.
31012304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
31022304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31032304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31042304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31052304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31062304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
31072304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
31082304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
31092304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
31102304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
31112304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
31122304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31132304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31142304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
31152304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31162304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31172304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
31182304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
31192304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
31202304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
31212304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31222304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
31232304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
31242304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31252304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31262304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31272304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31282304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31292304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31302304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
31312304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
31322304.5b6c: supR3HardenedDllNotificationCallback: load 00007fff024d0000 LB 0x00008000 C:\windows\SYSTEM32\ksuser.dll [fFlags=0x0]
31332304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
31342304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffeff590000 LB 0x0000b000 C:\windows\SYSTEM32\AVRT.dll [fFlags=0x0]
31352304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
31362304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffeef520000 LB 0x00042000 C:\windows\system32\wdmaud.drv [fFlags=0x0]
31372304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31382304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef520000 'C:\windows\system32\wdmaud.drv'
31392304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31402304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31412304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef520000 'C:\windows\system32\wdmaud.drv'
31422304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31432304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31442304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef520000 'C:\windows\system32\wdmaud.drv'
31452304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31462304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31472304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef520000 'C:\windows\system32\wdmaud.drv'
31482304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31492304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31502304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef520000 'C:\windows\system32\wdmaud.drv'
31512304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
31522304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
31532304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31542304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
31552304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
31562304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'.
31572304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
31582304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31592304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31602304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31612304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31622304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31632304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31642304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31652304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31662304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31672304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31682304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31692304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31702304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31712304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'.
31722304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
31732304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
31742304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
31752304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffefe070000 LB 0x00136000 C:\windows\SYSTEM32\wintypes.dll [fFlags=0x0]
31762304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
31772304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffeeec40000 LB 0x00088000 C:\windows\system32\AUDIOSES.DLL [fFlags=0x0]
31782304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31792304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeeec40000 'C:\windows\system32\AUDIOSES.DLL'
31802304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31812304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31822304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
31832304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
31842304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
31852304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31862304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31872304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
31882304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
31892304.5b6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
31902304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31912304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31922304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef520000 'C:\windows\system32\wdmaud.drv'
31932304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
31942304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31952304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef520000 'C:\windows\system32\wdmaud.drv'
31962304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef520000 'C:\windows\system32\wdmaud.drv'
31972304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f54 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
31982304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
31992304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
32002304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7E2C15A147F336A77E08F63DA2B7DC249BAC5291
32012304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
32022304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
32032304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
32042304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32052304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32062304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
32072304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
32082304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
32092304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
32102304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
32112304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32122304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
32132304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
32142304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32152304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32162304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
32172304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
32182304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
32192304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
32202304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32212304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
32222304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
32232304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32242304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32252304.5b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32262304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32272304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32282304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32292304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32302304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32312304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32322304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
32332304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffef2d30000 LB 0x0001c000 C:\windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
32342304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
32352304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffef3a30000 LB 0x0000c000 C:\windows\system32\msacm32.drv [fFlags=0x0]
32362304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32372304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef3a30000 'C:\windows\system32\msacm32.drv'
32382304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32392304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32402304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef3a30000 'C:\windows\system32\msacm32.drv'
32412304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32422304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32432304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef3a30000 'C:\windows\system32\msacm32.drv'
32442304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32452304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32462304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef3a30000 'C:\windows\system32\msacm32.drv'
32472304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32482304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32492304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef3a30000 'C:\windows\system32\msacm32.drv'
32502304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32512304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32522304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef3a30000 'C:\windows\system32\msacm32.drv'
32532304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
32542304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32552304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef3a30000 'C:\windows\system32\msacm32.drv'
32562304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef3a30000 'C:\windows\system32\msacm32.drv'
32572304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef3a30000 'C:\windows\system32\msacm32.drv'
32582304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef3a30000 'C:\windows\system32\msacm32.drv'
32592304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001168 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
32602304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e2150
32612304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e2150
32622304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92C5FAE1499C6920F25025123B65102443C15281
32632304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03360000 'C:\windows\system32\rsaenh.dll'
32642304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04020000 'C:\windows\system32\crypt32.dll'
32652304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
32662304.5b6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32672304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32682304.5b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
32692304.5b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
32702304.5b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
32712304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
32722304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
32732304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32742304.5b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32752304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32762304.5b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32772304.5b6c: supR3HardenedDllNotificationCallback: load 00007ffef2bd0000 LB 0x0000a000 C:\windows\system32\midimap.dll [fFlags=0x0]
32782304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32792304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2bd0000 'C:\windows\system32\midimap.dll'
32802304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32812304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32822304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2bd0000 'C:\windows\system32\midimap.dll'
32832304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32842304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32852304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2bd0000 'C:\windows\system32\midimap.dll'
32862304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
32872304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32882304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2bd0000 'C:\windows\system32\midimap.dll'
32892304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
32902304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
32912304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
32922304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
32932304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
32942304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
32952304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32962304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
32972304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
32982304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32992304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeda060000 'C:\windows\system32\dsound.dll'
33002304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
33012304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
33022304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
33032304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
33042304.5b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
33052304.5b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33062304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeda060000 'C:\windows\system32\dsound.dll'
33072304.5b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff024a0000 'C:\windows\system32\winmm.dll'
33082304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05e30000 'C:\windows\system32\shell32.dll'
33092304.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
33102304.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33112304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05e30000 'C:\windows\system32\shell32.dll'
33122304.3e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
33132304.3e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
33142304.3e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeff590000 'C:\windows\system32\avrt.dll'
33152304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05e30000 'C:\windows\system32\shell32.dll'
33162304.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff05e30000 'C:\windows\system32\shell32.dll'

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette