Ticket #14642: VBoxStartup.log

File VBoxStartup.log, 289.8 KB (added by Jörg Hofmann, 9 years ago)
vb startup log

Line
1	a70.1c88: Log file opened: 5.0.4r102546 g_hStartupLog=0000000000000120 g_uNtVerCombined=0xa0280000
2	a70.1c88: \SystemRoot\System32\ntdll.dll:
3	a70.1c88: CreationTime: 2015-09-25T20:05:35.147044800Z
4	a70.1c88: LastWriteTime: 2015-08-08T07:29:58.168349600Z
5	a70.1c88: ChangeTime: 2015-09-25T20:22:15.663609100Z
6	a70.1c88: FileAttributes: 0x20
7	a70.1c88: Size: 0x1bce48
8	a70.1c88: NT Headers: 0xd8
9	a70.1c88: Timestamp: 0x55c59f92
10	a70.1c88: Machine: 0x8664 - amd64
11	a70.1c88: Timestamp: 0x55c59f92
12	a70.1c88: Image Version: 10.0
13	a70.1c88: SizeOfImage: 0x1c1000 (1839104)
14	a70.1c88: Resource Dir: 0x15a000 LB 0x65718
15	a70.1c88: ProductName: Microsoft® Windows® Operating System
16	a70.1c88: ProductVersion: 10.0.10240.16430
17	a70.1c88: FileVersion: 10.0.10240.16430 (th1.150807-2049)
18	a70.1c88: FileDescription: NT Layer DLL
19	a70.1c88: \SystemRoot\System32\kernel32.dll:
20	a70.1c88: CreationTime: 2015-07-10T10:59:59.699781600Z
21	a70.1c88: LastWriteTime: 2015-07-10T10:59:59.699781600Z
22	a70.1c88: ChangeTime: 2015-09-25T07:06:16.935797300Z
23	a70.1c88: FileAttributes: 0x20
24	a70.1c88: Size: 0xab830
25	a70.1c88: NT Headers: 0xf0
26	a70.1c88: Timestamp: 0x559f38ad
27	a70.1c88: Machine: 0x8664 - amd64
28	a70.1c88: Timestamp: 0x559f38ad
29	a70.1c88: Image Version: 10.0
30	a70.1c88: SizeOfImage: 0xad000 (708608)
31	a70.1c88: Resource Dir: 0xab000 LB 0x518
32	a70.1c88: ProductName: Microsoft® Windows® Operating System
33	a70.1c88: ProductVersion: 10.0.10240.16384
34	a70.1c88: FileVersion: 10.0.10240.16384 (th1.150709-1700)
35	a70.1c88: FileDescription: Windows NT BASE API Client DLL
36	a70.1c88: \SystemRoot\System32\KernelBase.dll:
37	a70.1c88: CreationTime: 2015-07-10T11:00:10.325689700Z
38	a70.1c88: LastWriteTime: 2015-07-10T11:00:10.325689700Z
39	a70.1c88: ChangeTime: 2015-09-25T07:06:16.998301400Z
40	a70.1c88: FileAttributes: 0x20
41	a70.1c88: Size: 0x1dc680
42	a70.1c88: NT Headers: 0x100
43	a70.1c88: Timestamp: 0x559f38c3
44	a70.1c88: Machine: 0x8664 - amd64
45	a70.1c88: Timestamp: 0x559f38c3
46	a70.1c88: Image Version: 10.0
47	a70.1c88: SizeOfImage: 0x1dd000 (1953792)
48	a70.1c88: Resource Dir: 0x1c7000 LB 0x530
49	a70.1c88: ProductName: Microsoft® Windows® Operating System
50	a70.1c88: ProductVersion: 10.0.10240.16384
51	a70.1c88: FileVersion: 10.0.10240.16384 (th1.150709-1700)
52	a70.1c88: FileDescription: Windows NT BASE API Client DLL
53	a70.1c88: \SystemRoot\System32\apisetschema.dll:
54	a70.1c88: CreationTime: 2015-07-10T11:00:04.872098600Z
55	a70.1c88: LastWriteTime: 2015-07-10T11:00:04.872098600Z
56	a70.1c88: ChangeTime: 2015-09-25T07:06:14.701298100Z
57	a70.1c88: FileAttributes: 0x20
58	a70.1c88: Size: 0x16760
59	a70.1c88: NT Headers: 0xc8
60	a70.1c88: Timestamp: 0x559f3e3d
61	a70.1c88: Machine: 0x8664 - amd64
62	a70.1c88: Timestamp: 0x559f3e3d
63	a70.1c88: Image Version: 10.0
64	a70.1c88: SizeOfImage: 0x17000 (94208)
65	a70.1c88: Resource Dir: 0x16000 LB 0x3f0
66	a70.1c88: ProductName: Microsoft® Windows® Operating System
67	a70.1c88: ProductVersion: 10.0.10240.16384
68	a70.1c88: FileVersion: 10.0.10240.16384 (th1.150709-1700)
69	a70.1c88: FileDescription: ApiSet Schema DLL
70	a70.1c88: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71	a70.1c88: supR3HardenedWinFindAdversaries: 0x100
72	a70.1c88: \SystemRoot\System32\drivers\avgrkx64.sys:
73	a70.1c88: CreationTime: 2015-03-20T10:18:18.000000000Z
74	a70.1c88: LastWriteTime: 2015-03-20T10:18:18.000000000Z
75	a70.1c88: ChangeTime: 2015-09-25T06:34:23.860789900Z
76	a70.1c88: FileAttributes: 0x20
77	a70.1c88: Size: 0x9fe0
78	a70.1c88: NT Headers: 0xe8
79	a70.1c88: Timestamp: 0x550bf3e7
80	a70.1c88: Machine: 0x8664 - amd64
81	a70.1c88: Timestamp: 0x550bf3e7
82	a70.1c88: Image Version: 6.2
83	a70.1c88: SizeOfImage: 0xa000 (40960)
84	a70.1c88: Resource Dir: 0x9000 LB 0x510
85	a70.1c88: ProductName: AVG Internet Security
86	a70.1c88: ProductVersion: 15.0.0.5908
87	a70.1c88: FileVersion: 15.0.0.5908
88	a70.1c88: SpecialBuild: AvCompile_2015_0320_111532(5908), SVNRev 18c4578e1c294cb8006a179b834157155925d4af (release/SmallUpdate2015-04_beta), av
89	a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER
90	a70.1c88: FileDescription: AVG Anti-Rootkit Driver
91	a70.1c88: \SystemRoot\System32\drivers\avgmfx64.sys:
92	a70.1c88: CreationTime: 2015-08-04T09:32:32.000000000Z
93	a70.1c88: LastWriteTime: 2015-08-04T09:32:32.000000000Z
94	a70.1c88: ChangeTime: 2015-09-25T06:34:25.407743600Z
95	a70.1c88: FileAttributes: 0x20
96	a70.1c88: Size: 0x3d3b0
97	a70.1c88: NT Headers: 0xe0
98	a70.1c88: Timestamp: 0x55c086ac
99	a70.1c88: Machine: 0x8664 - amd64
100	a70.1c88: Timestamp: 0x55c086ac
101	a70.1c88: Image Version: 6.2
102	a70.1c88: SizeOfImage: 0x3e000 (253952)
103	a70.1c88: Resource Dir: 0x3c000 LB 0x52c
104	a70.1c88: ProductName: AVG Internet Security
105	a70.1c88: ProductVersion: 15.0.0.6132
106	a70.1c88: FileVersion: 15.0.0.6132
107	a70.1c88: SpecialBuild: AvCompile_2015_0804_112815(6132), SVNRev cbac1c769cb9b6888db1f1065b4133bf3c9ce40f (release/SmallUpdate2015-08_beta), av
108	a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER
109	a70.1c88: FileDescription: AVG Resident Shield Minifilter Driver
110	a70.1c88: \SystemRoot\System32\drivers\avgidsdrivera.sys:
111	a70.1c88: CreationTime: 2015-08-19T09:52:30.000000000Z
112	a70.1c88: LastWriteTime: 2015-08-19T09:52:30.000000000Z
113	a70.1c88: ChangeTime: 2015-09-25T06:34:26.104269300Z
114	a70.1c88: FileAttributes: 0x20
115	a70.1c88: Size: 0x4c7b0
116	a70.1c88: NT Headers: 0xe8
117	a70.1c88: Timestamp: 0x55d451da
118	a70.1c88: Machine: 0x8664 - amd64
119	a70.1c88: Timestamp: 0x55d451da
120	a70.1c88: Image Version: 6.2
121	a70.1c88: SizeOfImage: 0x53000 (339968)
122	a70.1c88: Resource Dir: 0x51000 LB 0x554
123	a70.1c88: ProductName: AVG Internet Security
124	a70.1c88: ProductVersion: 15.0.0.6137
125	a70.1c88: FileVersion: 15.0.0.6137
126	a70.1c88: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av
127	a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER
128	a70.1c88: FileDescription: AVG IDS Application Activity Monitor Driver.
129	a70.1c88: \SystemRoot\System32\drivers\avgidsha.sys:
130	a70.1c88: CreationTime: 2015-08-19T09:53:56.000000000Z
131	a70.1c88: LastWriteTime: 2015-08-19T09:53:56.000000000Z
132	a70.1c88: ChangeTime: 2015-09-25T06:34:26.026140600Z
133	a70.1c88: FileAttributes: 0x20
134	a70.1c88: Size: 0x48bb0
135	a70.1c88: NT Headers: 0xd8
136	a70.1c88: Timestamp: 0x55d45230
137	a70.1c88: Machine: 0x8664 - amd64
138	a70.1c88: Timestamp: 0x55d45230
139	a70.1c88: Image Version: 6.2
140	a70.1c88: SizeOfImage: 0x49000 (299008)
141	a70.1c88: Resource Dir: 0x47000 LB 0x548
142	a70.1c88: ProductName: AVG Internet Security
143	a70.1c88: ProductVersion: 15.0.0.6137
144	a70.1c88: FileVersion: 15.0.0.6137
145	a70.1c88: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av
146	a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER
147	a70.1c88: FileDescription: AVG Application Activity Monitor Helper Driver
148	a70.1c88: \SystemRoot\System32\drivers\avgloga.sys:
149	a70.1c88: CreationTime: 2015-05-07T11:50:22.000000000Z
150	a70.1c88: LastWriteTime: 2015-05-07T11:50:22.000000000Z
151	a70.1c88: ChangeTime: 2015-09-25T06:34:23.767034300Z
152	a70.1c88: FileAttributes: 0x20
153	a70.1c88: Size: 0x5c5e0
154	a70.1c88: NT Headers: 0xf0
155	a70.1c88: Timestamp: 0x554b5179
156	a70.1c88: Machine: 0x8664 - amd64
157	a70.1c88: Timestamp: 0x554b5179
158	a70.1c88: Image Version: 6.2
159	a70.1c88: SizeOfImage: 0x5b000 (372736)
160	a70.1c88: Resource Dir: 0x59000 LB 0x4ec
161	a70.1c88: ProductName: AVG Internet Security
162	a70.1c88: ProductVersion: 15.0.0.5957
163	a70.1c88: FileVersion: 15.0.0.5957
164	a70.1c88: SpecialBuild: AvCompile_2015_0507_134328(5957), SVNRev bcddc515e1405c8e35481b16de334020e451ec3e (release/HotFix2015-05), av
165	a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER
166	a70.1c88: FileDescription: AVG Logging Driver
167	a70.1c88: \SystemRoot\System32\drivers\avgldx64.sys:
168	a70.1c88: CreationTime: 2015-06-16T13:55:04.000000000Z
169	a70.1c88: LastWriteTime: 2015-06-16T13:55:04.000000000Z
170	a70.1c88: ChangeTime: 2015-09-25T06:34:23.970170200Z
171	a70.1c88: FileAttributes: 0x20
172	a70.1c88: Size: 0x3f3e0
173	a70.1c88: NT Headers: 0xe0
174	a70.1c88: Timestamp: 0x55802aaf
175	a70.1c88: Machine: 0x8664 - amd64
176	a70.1c88: Timestamp: 0x55802aaf
177	a70.1c88: Image Version: 6.2
178	a70.1c88: SizeOfImage: 0x42000 (270336)
179	a70.1c88: Resource Dir: 0x40000 LB 0x50c
180	a70.1c88: ProductName: AVG Internet Security
181	a70.1c88: ProductVersion: 15.0.0.6055
182	a70.1c88: FileVersion: 15.0.0.6055
183	a70.1c88: SpecialBuild: AvCompile_2015_0616_154836(6055), SVNRev 309d50c06d2885375935ac1c0a79cdb255cb7045 (release/SmallUpdate2015-06_beta), av
184	a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER
185	a70.1c88: FileDescription: AVG AVI Loader Driver
186	a70.1c88: \SystemRoot\System32\drivers\avgdiska.sys:
187	a70.1c88: CreationTime: 2015-03-11T10:16:06.000000000Z
188	a70.1c88: LastWriteTime: 2015-03-11T10:16:06.000000000Z
189	a70.1c88: ChangeTime: 2015-09-25T06:34:26.307403800Z
190	a70.1c88: FileAttributes: 0x20
191	a70.1c88: Size: 0x27be0
192	a70.1c88: NT Headers: 0xe0
193	a70.1c88: Timestamp: 0x550015e3
194	a70.1c88: Machine: 0x8664 - amd64
195	a70.1c88: Timestamp: 0x550015e3
196	a70.1c88: Image Version: 6.2
197	a70.1c88: SizeOfImage: 0x29000 (167936)
198	a70.1c88: Resource Dir: 0x27000 LB 0x4e0
199	a70.1c88: ProductName: AVG Internet Security
200	a70.1c88: ProductVersion: 15.0.0.5902
201	a70.1c88: FileVersion: 15.0.0.5902
202	a70.1c88: SpecialBuild: AvCompile_2015_0311_110513(5902), SVNRev d57888a6d0541615b2b2c643813a0b67abc3acba (av/devel), av
203	a70.1c88: PrivateBuild: x64 Release_Unicode_DRIVER
204	a70.1c88: FileDescription: AVG File Vault Driver
205	a70.1c88: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
206	a70.1c88: Calling main()
207	a70.1c88: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
208	a70.1c88: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
209	a70.1c88: SUPR3HardenedMain: Respawn #1
210	a70.1c88: System32: \Device\HarddiskVolume5\Windows\System32
211	a70.1c88: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
212	a70.1c88: KnownDllPath: C:\WINDOWS\system32
213	a70.1c88: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
214	a70.1c88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
215	a70.1c88: supR3HardNtEnableThreadCreation:
216	a70.1c88: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc43ecfb70 pvNtTerminateThread=00007ffc43ef3a20
217	a70.1c88: supR3HardenedWinDoReSpawn(1): New child 26dc.3020 [kernel32].
218	a70.1c88: supR3HardNtChildGatherData: PebBaseAddress=00007ff654adb000 cbPeb=0x388
219	a70.1c88: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc43e60000 uNtDllChildAddr=00007ffc43e60000
220	a70.1c88: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc43ecfb70
221	a70.1c88: supR3HardenedWinSetupChildInit: Start child.
222	a70.1c88: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
223	a70.1c88: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
224	a70.1c88: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
225	a70.1c88: *0000000000000000-ffffffffff34ffff 0x0001/0x0000 0x0000000
226	a70.1c88: *0000000000cb0000-0000000000c8ffff 0x0004/0x0004 0x0020000
227	a70.1c88: *0000000000cd0000-0000000000cbbfff 0x0002/0x0002 0x0040000
228	a70.1c88: 0000000000ce4000-0000000000cd7fff 0x0001/0x0000 0x0000000
229	a70.1c88: *0000000000cf0000-0000000000bf3fff 0x0000/0x0004 0x0020000
230	a70.1c88: 0000000000dec000-0000000000de8fff 0x0104/0x0004 0x0020000
231	a70.1c88: 0000000000def000-0000000000dedfff 0x0004/0x0004 0x0020000
232	a70.1c88: *0000000000df0000-0000000000debfff 0x0002/0x0002 0x0040000
233	a70.1c88: 0000000000df4000-0000000000de7fff 0x0001/0x0000 0x0000000
234	a70.1c88: *0000000000e00000-0000000000dfdfff 0x0004/0x0004 0x0020000
235	a70.1c88: 0000000000e02000-ffffffff81c23fff 0x0001/0x0000 0x0000000
236	a70.1c88: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
237	a70.1c88: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
238	a70.1c88: 000000007fff0000-ffff800aab52ffff 0x0001/0x0000 0x0000000
239	a70.1c88: *00007ff654ab0000-00007ff654a8cfff 0x0002/0x0002 0x0040000
240	a70.1c88: 00007ff654ad3000-00007ff654acafff 0x0001/0x0000 0x0000000
241	a70.1c88: *00007ff654adb000-00007ff654ad9fff 0x0004/0x0004 0x0020000
242	a70.1c88: 00007ff654adc000-00007ff654ad9fff 0x0001/0x0000 0x0000000
243	a70.1c88: *00007ff654ade000-00007ff654adbfff 0x0004/0x0004 0x0020000
244	a70.1c88: 00007ff654ae0000-00007ff653bcffff 0x0001/0x0000 0x0000000
245	a70.1c88: *00007ff6559f0000-00007ff6559f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
246	a70.1c88: 00007ff6559f1000-00007ff655a77fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
247	a70.1c88: 00007ff655a78000-00007ff655a78fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
248	a70.1c88: 00007ff655a79000-00007ff655ac3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
249	a70.1c88: 00007ff655ac4000-00007ff655ac4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
250	a70.1c88: 00007ff655ac5000-00007ff655ac5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
251	a70.1c88: 00007ff655ac6000-00007ff655acafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
252	a70.1c88: 00007ff655acb000-00007ff655acbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
253	a70.1c88: 00007ff655acc000-00007ff655accfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
254	a70.1c88: 00007ff655acd000-00007ff655ad0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
255	a70.1c88: 00007ff655ad1000-00007ff655b1bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
256	a70.1c88: 00007ff655b1c000-00007ff0677d7fff 0x0001/0x0000 0x0000000
257	a70.1c88: *00007ffc43e60000-00007ffc43e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
258	a70.1c88: 00007ffc43e61000-00007ffc43f5cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
259	a70.1c88: 00007ffc43f5d000-00007ffc43f9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
260	a70.1c88: 00007ffc43f9f000-00007ffc43fa7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
261	a70.1c88: 00007ffc43fa8000-00007ffc43fb5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
262	a70.1c88: 00007ffc43fb6000-00007ffc43fb6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
263	a70.1c88: 00007ffc43fb7000-00007ffc43fb9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
264	a70.1c88: 00007ffc43fba000-00007ffc44020fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
265	a70.1c88: 00007ffc44021000-00007ff888061fff 0x0001/0x0000 0x0000000
266	a70.1c88: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
267	a70.1c88: VirtualBox.exe: timestamp 0x55eeaed7 (rc=VINF_SUCCESS)
268	a70.1c88: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
269	a70.1c88: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
270	a70.1c88: supR3HardNtChildPurify: Done after 625 ms and 0 fixes (loop #0).
271	26dc.3020: Log file opened: 5.0.4r102546 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
272	a70.1c88: supR3HardNtEnableThreadCreation:
273	26dc.3020: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc43e60000
274	26dc.3020: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS)
275	26dc.3020: New simple heap: #1 0000000000f10000 LB 0x400000 (for 1839104 allocation)
276	26dc.3020: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
277	26dc.3020: System32: \Device\HarddiskVolume5\Windows\System32
278	26dc.3020: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
279	26dc.3020: KnownDllPath: C:\WINDOWS\system32
280	26dc.3020: supR3HardenedVmProcessInit: Opening vboxdrv stub...
281	26dc.3020: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
282	26dc.3020: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
283	26dc.3020: Registered Dll notification callback with NTDLL.
284	26dc.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
285	26dc.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
286	26dc.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
287	26dc.3020: supR3HardenedDllNotificationCallback: load 00007ffc3ffe0000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
288	26dc.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
289	26dc.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
290	26dc.3020: supR3HardenedDllNotificationCallback: load 00007ffc426a0000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
291	26dc.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
292	26dc.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\KERNEL32.DLL'
293	26dc.3020: supR3HardenedDllNotificationCallback: load 00007ff6559f0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
294	26dc.3020: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
295	26dc.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
296	26dc.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
297	26dc.3020: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc43ecfb70 pvNtTerminateThread=00007ffc43ef3a20
298	a70.1c88: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 282 ms.
299	26dc.3020: \SystemRoot\System32\ntdll.dll:
300	26dc.3020: CreationTime: 2015-09-25T20:05:35.147044800Z
301	26dc.3020: LastWriteTime: 2015-08-08T07:29:58.168349600Z
302	26dc.3020: ChangeTime: 2015-09-25T20:22:15.663609100Z
303	26dc.3020: FileAttributes: 0x20
304	26dc.3020: Size: 0x1bce48
305	26dc.3020: NT Headers: 0xd8
306	26dc.3020: Timestamp: 0x55c59f92
307	26dc.3020: Machine: 0x8664 - amd64
308	26dc.3020: Timestamp: 0x55c59f92
309	26dc.3020: Image Version: 10.0
310	26dc.3020: SizeOfImage: 0x1c1000 (1839104)
311	26dc.3020: Resource Dir: 0x15a000 LB 0x65718
312	26dc.3020: ProductName: Microsoft® Windows® Operating System
313	26dc.3020: ProductVersion: 10.0.10240.16430
314	26dc.3020: FileVersion: 10.0.10240.16430 (th1.150807-2049)
315	26dc.3020: FileDescription: NT Layer DLL
316	26dc.3020: \SystemRoot\System32\kernel32.dll:
317	26dc.3020: CreationTime: 2015-07-10T10:59:59.699781600Z
318	26dc.3020: LastWriteTime: 2015-07-10T10:59:59.699781600Z
319	26dc.3020: ChangeTime: 2015-09-25T07:06:16.935797300Z
320	26dc.3020: FileAttributes: 0x20
321	26dc.3020: Size: 0xab830
322	26dc.3020: NT Headers: 0xf0
323	26dc.3020: Timestamp: 0x559f38ad
324	26dc.3020: Machine: 0x8664 - amd64
325	26dc.3020: Timestamp: 0x559f38ad
326	26dc.3020: Image Version: 10.0
327	26dc.3020: SizeOfImage: 0xad000 (708608)
328	26dc.3020: Resource Dir: 0xab000 LB 0x518
329	26dc.3020: ProductName: Microsoft® Windows® Operating System
330	26dc.3020: ProductVersion: 10.0.10240.16384
331	26dc.3020: FileVersion: 10.0.10240.16384 (th1.150709-1700)
332	26dc.3020: FileDescription: Windows NT BASE API Client DLL
333	26dc.3020: \SystemRoot\System32\KernelBase.dll:
334	26dc.3020: CreationTime: 2015-07-10T11:00:10.325689700Z
335	26dc.3020: LastWriteTime: 2015-07-10T11:00:10.325689700Z
336	26dc.3020: ChangeTime: 2015-09-25T07:06:16.998301400Z
337	26dc.3020: FileAttributes: 0x20
338	26dc.3020: Size: 0x1dc680
339	26dc.3020: NT Headers: 0x100
340	26dc.3020: Timestamp: 0x559f38c3
341	26dc.3020: Machine: 0x8664 - amd64
342	26dc.3020: Timestamp: 0x559f38c3
343	26dc.3020: Image Version: 10.0
344	26dc.3020: SizeOfImage: 0x1dd000 (1953792)
345	26dc.3020: Resource Dir: 0x1c7000 LB 0x530
346	26dc.3020: ProductName: Microsoft® Windows® Operating System
347	26dc.3020: ProductVersion: 10.0.10240.16384
348	26dc.3020: FileVersion: 10.0.10240.16384 (th1.150709-1700)
349	26dc.3020: FileDescription: Windows NT BASE API Client DLL
350	26dc.3020: \SystemRoot\System32\apisetschema.dll:
351	26dc.3020: CreationTime: 2015-07-10T11:00:04.872098600Z
352	26dc.3020: LastWriteTime: 2015-07-10T11:00:04.872098600Z
353	26dc.3020: ChangeTime: 2015-09-25T07:06:14.701298100Z
354	26dc.3020: FileAttributes: 0x20
355	26dc.3020: Size: 0x16760
356	26dc.3020: NT Headers: 0xc8
357	26dc.3020: Timestamp: 0x559f3e3d
358	26dc.3020: Machine: 0x8664 - amd64
359	26dc.3020: Timestamp: 0x559f3e3d
360	26dc.3020: Image Version: 10.0
361	26dc.3020: SizeOfImage: 0x17000 (94208)
362	26dc.3020: Resource Dir: 0x16000 LB 0x3f0
363	26dc.3020: ProductName: Microsoft® Windows® Operating System
364	26dc.3020: ProductVersion: 10.0.10240.16384
365	26dc.3020: FileVersion: 10.0.10240.16384 (th1.150709-1700)
366	26dc.3020: FileDescription: ApiSet Schema DLL
367	26dc.3020: NtOpenDirectoryObject failed on \Driver: 0xc0000022
368	26dc.3020: supR3HardenedWinFindAdversaries: 0x100
369	26dc.3020: \SystemRoot\System32\drivers\avgrkx64.sys:
370	26dc.3020: CreationTime: 2015-03-20T10:18:18.000000000Z
371	26dc.3020: LastWriteTime: 2015-03-20T10:18:18.000000000Z
372	26dc.3020: ChangeTime: 2015-09-25T06:34:23.860789900Z
373	26dc.3020: FileAttributes: 0x20
374	26dc.3020: Size: 0x9fe0
375	26dc.3020: NT Headers: 0xe8
376	26dc.3020: Timestamp: 0x550bf3e7
377	26dc.3020: Machine: 0x8664 - amd64
378	26dc.3020: Timestamp: 0x550bf3e7
379	26dc.3020: Image Version: 6.2
380	26dc.3020: SizeOfImage: 0xa000 (40960)
381	26dc.3020: Resource Dir: 0x9000 LB 0x510
382	26dc.3020: ProductName: AVG Internet Security
383	26dc.3020: ProductVersion: 15.0.0.5908
384	26dc.3020: FileVersion: 15.0.0.5908
385	26dc.3020: SpecialBuild: AvCompile_2015_0320_111532(5908), SVNRev 18c4578e1c294cb8006a179b834157155925d4af (release/SmallUpdate2015-04_beta), av
386	26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER
387	26dc.3020: FileDescription: AVG Anti-Rootkit Driver
388	26dc.3020: \SystemRoot\System32\drivers\avgmfx64.sys:
389	26dc.3020: CreationTime: 2015-08-04T09:32:32.000000000Z
390	26dc.3020: LastWriteTime: 2015-08-04T09:32:32.000000000Z
391	26dc.3020: ChangeTime: 2015-09-25T06:34:25.407743600Z
392	26dc.3020: FileAttributes: 0x20
393	26dc.3020: Size: 0x3d3b0
394	26dc.3020: NT Headers: 0xe0
395	26dc.3020: Timestamp: 0x55c086ac
396	26dc.3020: Machine: 0x8664 - amd64
397	26dc.3020: Timestamp: 0x55c086ac
398	26dc.3020: Image Version: 6.2
399	26dc.3020: SizeOfImage: 0x3e000 (253952)
400	26dc.3020: Resource Dir: 0x3c000 LB 0x52c
401	26dc.3020: ProductName: AVG Internet Security
402	26dc.3020: ProductVersion: 15.0.0.6132
403	26dc.3020: FileVersion: 15.0.0.6132
404	26dc.3020: SpecialBuild: AvCompile_2015_0804_112815(6132), SVNRev cbac1c769cb9b6888db1f1065b4133bf3c9ce40f (release/SmallUpdate2015-08_beta), av
405	26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER
406	26dc.3020: FileDescription: AVG Resident Shield Minifilter Driver
407	26dc.3020: \SystemRoot\System32\drivers\avgidsdrivera.sys:
408	26dc.3020: CreationTime: 2015-08-19T09:52:30.000000000Z
409	26dc.3020: LastWriteTime: 2015-08-19T09:52:30.000000000Z
410	26dc.3020: ChangeTime: 2015-09-25T06:34:26.104269300Z
411	26dc.3020: FileAttributes: 0x20
412	26dc.3020: Size: 0x4c7b0
413	26dc.3020: NT Headers: 0xe8
414	26dc.3020: Timestamp: 0x55d451da
415	26dc.3020: Machine: 0x8664 - amd64
416	26dc.3020: Timestamp: 0x55d451da
417	26dc.3020: Image Version: 6.2
418	26dc.3020: SizeOfImage: 0x53000 (339968)
419	26dc.3020: Resource Dir: 0x51000 LB 0x554
420	26dc.3020: ProductName: AVG Internet Security
421	26dc.3020: ProductVersion: 15.0.0.6137
422	26dc.3020: FileVersion: 15.0.0.6137
423	26dc.3020: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av
424	26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER
425	26dc.3020: FileDescription: AVG IDS Application Activity Monitor Driver.
426	26dc.3020: \SystemRoot\System32\drivers\avgidsha.sys:
427	26dc.3020: CreationTime: 2015-08-19T09:53:56.000000000Z
428	26dc.3020: LastWriteTime: 2015-08-19T09:53:56.000000000Z
429	26dc.3020: ChangeTime: 2015-09-25T06:34:26.026140600Z
430	26dc.3020: FileAttributes: 0x20
431	26dc.3020: Size: 0x48bb0
432	26dc.3020: NT Headers: 0xd8
433	26dc.3020: Timestamp: 0x55d45230
434	26dc.3020: Machine: 0x8664 - amd64
435	26dc.3020: Timestamp: 0x55d45230
436	26dc.3020: Image Version: 6.2
437	26dc.3020: SizeOfImage: 0x49000 (299008)
438	26dc.3020: Resource Dir: 0x47000 LB 0x548
439	26dc.3020: ProductName: AVG Internet Security
440	26dc.3020: ProductVersion: 15.0.0.6137
441	26dc.3020: FileVersion: 15.0.0.6137
442	26dc.3020: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av
443	26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER
444	26dc.3020: FileDescription: AVG Application Activity Monitor Helper Driver
445	26dc.3020: \SystemRoot\System32\drivers\avgloga.sys:
446	26dc.3020: CreationTime: 2015-05-07T11:50:22.000000000Z
447	26dc.3020: LastWriteTime: 2015-05-07T11:50:22.000000000Z
448	26dc.3020: ChangeTime: 2015-09-25T06:34:23.767034300Z
449	26dc.3020: FileAttributes: 0x20
450	26dc.3020: Size: 0x5c5e0
451	26dc.3020: NT Headers: 0xf0
452	26dc.3020: Timestamp: 0x554b5179
453	26dc.3020: Machine: 0x8664 - amd64
454	26dc.3020: Timestamp: 0x554b5179
455	26dc.3020: Image Version: 6.2
456	26dc.3020: SizeOfImage: 0x5b000 (372736)
457	26dc.3020: Resource Dir: 0x59000 LB 0x4ec
458	26dc.3020: ProductName: AVG Internet Security
459	26dc.3020: ProductVersion: 15.0.0.5957
460	26dc.3020: FileVersion: 15.0.0.5957
461	26dc.3020: SpecialBuild: AvCompile_2015_0507_134328(5957), SVNRev bcddc515e1405c8e35481b16de334020e451ec3e (release/HotFix2015-05), av
462	26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER
463	26dc.3020: FileDescription: AVG Logging Driver
464	26dc.3020: \SystemRoot\System32\drivers\avgldx64.sys:
465	26dc.3020: CreationTime: 2015-06-16T13:55:04.000000000Z
466	26dc.3020: LastWriteTime: 2015-06-16T13:55:04.000000000Z
467	26dc.3020: ChangeTime: 2015-09-25T06:34:23.970170200Z
468	26dc.3020: FileAttributes: 0x20
469	26dc.3020: Size: 0x3f3e0
470	26dc.3020: NT Headers: 0xe0
471	26dc.3020: Timestamp: 0x55802aaf
472	26dc.3020: Machine: 0x8664 - amd64
473	26dc.3020: Timestamp: 0x55802aaf
474	26dc.3020: Image Version: 6.2
475	26dc.3020: SizeOfImage: 0x42000 (270336)
476	26dc.3020: Resource Dir: 0x40000 LB 0x50c
477	26dc.3020: ProductName: AVG Internet Security
478	26dc.3020: ProductVersion: 15.0.0.6055
479	26dc.3020: FileVersion: 15.0.0.6055
480	26dc.3020: SpecialBuild: AvCompile_2015_0616_154836(6055), SVNRev 309d50c06d2885375935ac1c0a79cdb255cb7045 (release/SmallUpdate2015-06_beta), av
481	26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER
482	26dc.3020: FileDescription: AVG AVI Loader Driver
483	26dc.3020: \SystemRoot\System32\drivers\avgdiska.sys:
484	26dc.3020: CreationTime: 2015-03-11T10:16:06.000000000Z
485	26dc.3020: LastWriteTime: 2015-03-11T10:16:06.000000000Z
486	26dc.3020: ChangeTime: 2015-09-25T06:34:26.307403800Z
487	26dc.3020: FileAttributes: 0x20
488	26dc.3020: Size: 0x27be0
489	26dc.3020: NT Headers: 0xe0
490	26dc.3020: Timestamp: 0x550015e3
491	26dc.3020: Machine: 0x8664 - amd64
492	26dc.3020: Timestamp: 0x550015e3
493	26dc.3020: Image Version: 6.2
494	26dc.3020: SizeOfImage: 0x29000 (167936)
495	26dc.3020: Resource Dir: 0x27000 LB 0x4e0
496	26dc.3020: ProductName: AVG Internet Security
497	26dc.3020: ProductVersion: 15.0.0.5902
498	26dc.3020: FileVersion: 15.0.0.5902
499	26dc.3020: SpecialBuild: AvCompile_2015_0311_110513(5902), SVNRev d57888a6d0541615b2b2c643813a0b67abc3acba (av/devel), av
500	26dc.3020: PrivateBuild: x64 Release_Unicode_DRIVER
501	26dc.3020: FileDescription: AVG File Vault Driver
502	26dc.3020: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
503	26dc.3020: Calling main()
504	26dc.3020: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
505	26dc.3020: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
506	26dc.3020: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
507	26dc.3020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
508	26dc.3020: SUPR3HardenedMain: Respawn #2
509	26dc.3020: supR3HardNtEnableThreadCreation:
510	26dc.3020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\apphelp.dll)
511	26dc.3020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\apphelp.dll
512	26dc.3020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
513	26dc.3020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
514	26dc.3020: supR3HardenedDllNotificationCallback: load 00007ffc3dc30000 LB 0x00078000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
515	26dc.3020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
516	26dc.3020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dc30000 'C:\WINDOWS\system32\apphelp.dll'
517	26dc.3020: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc43ecfb70 pvNtTerminateThread=00007ffc43ef3a20
518	26dc.3020: supR3HardenedWinDoReSpawn(2): New child 2498.2eb4 [kernel32].
519	26dc.3020: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
520	26dc.3020: supR3HardNtChildGatherData: PebBaseAddress=00007ff654acf000 cbPeb=0x388
521	26dc.3020: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc43e60000 uNtDllChildAddr=00007ffc43e60000
522	26dc.3020: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc43ecfb70
523	26dc.3020: supR3HardenedWinSetupChildInit: Start child.
524	26dc.3020: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
525	26dc.3020: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
526	26dc.3020: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
527	26dc.3020: *0000000000000000-ffffffffff47ffff 0x0001/0x0000 0x0000000
528	26dc.3020: *0000000000b80000-0000000000b5ffff 0x0004/0x0004 0x0020000
529	26dc.3020: *0000000000ba0000-0000000000b8bfff 0x0002/0x0002 0x0040000
530	26dc.3020: 0000000000bb4000-0000000000ba7fff 0x0001/0x0000 0x0000000
531	26dc.3020: *0000000000bc0000-0000000000ac3fff 0x0000/0x0004 0x0020000
532	26dc.3020: 0000000000cbc000-0000000000cb8fff 0x0104/0x0004 0x0020000
533	26dc.3020: 0000000000cbf000-0000000000cbdfff 0x0004/0x0004 0x0020000
534	26dc.3020: *0000000000cc0000-0000000000cbbfff 0x0002/0x0002 0x0040000
535	26dc.3020: 0000000000cc4000-0000000000cb7fff 0x0001/0x0000 0x0000000
536	26dc.3020: *0000000000cd0000-0000000000ccdfff 0x0004/0x0004 0x0020000
537	26dc.3020: 0000000000cd2000-ffffffff819c3fff 0x0001/0x0000 0x0000000
538	26dc.3020: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
539	26dc.3020: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
540	26dc.3020: 000000007fff0000-ffff800aab53ffff 0x0001/0x0000 0x0000000
541	26dc.3020: *00007ff654aa0000-00007ff654a7cfff 0x0002/0x0002 0x0040000
542	26dc.3020: 00007ff654ac3000-00007ff654ab8fff 0x0001/0x0000 0x0000000
543	26dc.3020: *00007ff654acd000-00007ff654acafff 0x0004/0x0004 0x0020000
544	26dc.3020: *00007ff654acf000-00007ff654acdfff 0x0004/0x0004 0x0020000
545	26dc.3020: 00007ff654ad0000-00007ff653baffff 0x0001/0x0000 0x0000000
546	26dc.3020: *00007ff6559f0000-00007ff6559f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
547	26dc.3020: 00007ff6559f1000-00007ff655a77fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
548	26dc.3020: 00007ff655a78000-00007ff655a78fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
549	26dc.3020: 00007ff655a79000-00007ff655ac3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
550	26dc.3020: 00007ff655ac4000-00007ff655ac4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
551	26dc.3020: 00007ff655ac5000-00007ff655ac5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
552	26dc.3020: 00007ff655ac6000-00007ff655acafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
553	26dc.3020: 00007ff655acb000-00007ff655acbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
554	26dc.3020: 00007ff655acc000-00007ff655accfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
555	26dc.3020: 00007ff655acd000-00007ff655ad0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
556	26dc.3020: 00007ff655ad1000-00007ff655b1bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
557	26dc.3020: 00007ff655b1c000-00007ff0677d7fff 0x0001/0x0000 0x0000000
558	26dc.3020: *00007ffc43e60000-00007ffc43e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
559	26dc.3020: 00007ffc43e61000-00007ffc43f5cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
560	26dc.3020: 00007ffc43f5d000-00007ffc43f9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
561	26dc.3020: 00007ffc43f9f000-00007ffc43fa7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
562	26dc.3020: 00007ffc43fa8000-00007ffc43fb5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
563	26dc.3020: 00007ffc43fb6000-00007ffc43fb6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
564	26dc.3020: 00007ffc43fb7000-00007ffc43fb9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
565	26dc.3020: 00007ffc43fba000-00007ffc44020fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
566	26dc.3020: 00007ffc44021000-00007ff888061fff 0x0001/0x0000 0x0000000
567	26dc.3020: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
568	26dc.3020: VirtualBox.exe: timestamp 0x55eeaed7 (rc=VINF_SUCCESS)
569	26dc.3020: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
570	26dc.3020: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
571	26dc.3020: supR3HardNtChildPurify: Done after 625 ms and 0 fixes (loop #0).
572	2498.2eb4: Log file opened: 5.0.4r102546 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
573	2498.2eb4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc43e60000
574	26dc.3020: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f10000 LB 0x400000)
575	26dc.3020: supR3HardNtEnableThreadCreation:
576	2498.2eb4: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS)
577	2498.2eb4: New simple heap: #1 0000000000de0000 LB 0x400000 (for 1839104 allocation)
578	2498.2eb4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
579	2498.2eb4: System32: \Device\HarddiskVolume5\Windows\System32
580	2498.2eb4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
581	2498.2eb4: KnownDllPath: C:\WINDOWS\system32
582	2498.2eb4: supR3HardenedVmProcessInit: Opening vboxdrv...
583	2498.2eb4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
584	2498.2eb4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
585	2498.2eb4: Registered Dll notification callback with NTDLL.
586	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
587	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
588	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
589	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3ffe0000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
590	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
591	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
592	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc426a0000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
593	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
594	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\KERNEL32.DLL'
595	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ff6559f0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
596	2498.2eb4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
597	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
598	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
599	2498.2eb4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc43ecfb70 pvNtTerminateThread=00007ffc43ef3a20
600	26dc.3020: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 313 ms.
601	2498.2eb4: \SystemRoot\System32\ntdll.dll:
602	2498.2eb4: CreationTime: 2015-09-25T20:05:35.147044800Z
603	2498.2eb4: LastWriteTime: 2015-08-08T07:29:58.168349600Z
604	2498.2eb4: ChangeTime: 2015-09-25T20:22:15.663609100Z
605	2498.2eb4: FileAttributes: 0x20
606	2498.2eb4: Size: 0x1bce48
607	2498.2eb4: NT Headers: 0xd8
608	2498.2eb4: Timestamp: 0x55c59f92
609	2498.2eb4: Machine: 0x8664 - amd64
610	2498.2eb4: Timestamp: 0x55c59f92
611	2498.2eb4: Image Version: 10.0
612	2498.2eb4: SizeOfImage: 0x1c1000 (1839104)
613	2498.2eb4: Resource Dir: 0x15a000 LB 0x65718
614	2498.2eb4: ProductName: Microsoft® Windows® Operating System
615	2498.2eb4: ProductVersion: 10.0.10240.16430
616	2498.2eb4: FileVersion: 10.0.10240.16430 (th1.150807-2049)
617	2498.2eb4: FileDescription: NT Layer DLL
618	2498.2eb4: \SystemRoot\System32\kernel32.dll:
619	2498.2eb4: CreationTime: 2015-07-10T10:59:59.699781600Z
620	2498.2eb4: LastWriteTime: 2015-07-10T10:59:59.699781600Z
621	2498.2eb4: ChangeTime: 2015-09-25T07:06:16.935797300Z
622	2498.2eb4: FileAttributes: 0x20
623	2498.2eb4: Size: 0xab830
624	2498.2eb4: NT Headers: 0xf0
625	2498.2eb4: Timestamp: 0x559f38ad
626	2498.2eb4: Machine: 0x8664 - amd64
627	2498.2eb4: Timestamp: 0x559f38ad
628	2498.2eb4: Image Version: 10.0
629	2498.2eb4: SizeOfImage: 0xad000 (708608)
630	2498.2eb4: Resource Dir: 0xab000 LB 0x518
631	2498.2eb4: ProductName: Microsoft® Windows® Operating System
632	2498.2eb4: ProductVersion: 10.0.10240.16384
633	2498.2eb4: FileVersion: 10.0.10240.16384 (th1.150709-1700)
634	2498.2eb4: FileDescription: Windows NT BASE API Client DLL
635	2498.2eb4: \SystemRoot\System32\KernelBase.dll:
636	2498.2eb4: CreationTime: 2015-07-10T11:00:10.325689700Z
637	2498.2eb4: LastWriteTime: 2015-07-10T11:00:10.325689700Z
638	2498.2eb4: ChangeTime: 2015-09-25T07:06:16.998301400Z
639	2498.2eb4: FileAttributes: 0x20
640	2498.2eb4: Size: 0x1dc680
641	2498.2eb4: NT Headers: 0x100
642	2498.2eb4: Timestamp: 0x559f38c3
643	2498.2eb4: Machine: 0x8664 - amd64
644	2498.2eb4: Timestamp: 0x559f38c3
645	2498.2eb4: Image Version: 10.0
646	2498.2eb4: SizeOfImage: 0x1dd000 (1953792)
647	2498.2eb4: Resource Dir: 0x1c7000 LB 0x530
648	2498.2eb4: ProductName: Microsoft® Windows® Operating System
649	2498.2eb4: ProductVersion: 10.0.10240.16384
650	2498.2eb4: FileVersion: 10.0.10240.16384 (th1.150709-1700)
651	2498.2eb4: FileDescription: Windows NT BASE API Client DLL
652	2498.2eb4: \SystemRoot\System32\apisetschema.dll:
653	2498.2eb4: CreationTime: 2015-07-10T11:00:04.872098600Z
654	2498.2eb4: LastWriteTime: 2015-07-10T11:00:04.872098600Z
655	2498.2eb4: ChangeTime: 2015-09-25T07:06:14.701298100Z
656	2498.2eb4: FileAttributes: 0x20
657	2498.2eb4: Size: 0x16760
658	2498.2eb4: NT Headers: 0xc8
659	2498.2eb4: Timestamp: 0x559f3e3d
660	2498.2eb4: Machine: 0x8664 - amd64
661	2498.2eb4: Timestamp: 0x559f3e3d
662	2498.2eb4: Image Version: 10.0
663	2498.2eb4: SizeOfImage: 0x17000 (94208)
664	2498.2eb4: Resource Dir: 0x16000 LB 0x3f0
665	2498.2eb4: ProductName: Microsoft® Windows® Operating System
666	2498.2eb4: ProductVersion: 10.0.10240.16384
667	2498.2eb4: FileVersion: 10.0.10240.16384 (th1.150709-1700)
668	2498.2eb4: FileDescription: ApiSet Schema DLL
669	2498.2eb4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
670	2498.2eb4: supR3HardenedWinFindAdversaries: 0x100
671	2498.2eb4: \SystemRoot\System32\drivers\avgrkx64.sys:
672	2498.2eb4: CreationTime: 2015-03-20T10:18:18.000000000Z
673	2498.2eb4: LastWriteTime: 2015-03-20T10:18:18.000000000Z
674	2498.2eb4: ChangeTime: 2015-09-25T06:34:23.860789900Z
675	2498.2eb4: FileAttributes: 0x20
676	2498.2eb4: Size: 0x9fe0
677	2498.2eb4: NT Headers: 0xe8
678	2498.2eb4: Timestamp: 0x550bf3e7
679	2498.2eb4: Machine: 0x8664 - amd64
680	2498.2eb4: Timestamp: 0x550bf3e7
681	2498.2eb4: Image Version: 6.2
682	2498.2eb4: SizeOfImage: 0xa000 (40960)
683	2498.2eb4: Resource Dir: 0x9000 LB 0x510
684	2498.2eb4: ProductName: AVG Internet Security
685	2498.2eb4: ProductVersion: 15.0.0.5908
686	2498.2eb4: FileVersion: 15.0.0.5908
687	2498.2eb4: SpecialBuild: AvCompile_2015_0320_111532(5908), SVNRev 18c4578e1c294cb8006a179b834157155925d4af (release/SmallUpdate2015-04_beta), av
688	2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER
689	2498.2eb4: FileDescription: AVG Anti-Rootkit Driver
690	2498.2eb4: \SystemRoot\System32\drivers\avgmfx64.sys:
691	2498.2eb4: CreationTime: 2015-08-04T09:32:32.000000000Z
692	2498.2eb4: LastWriteTime: 2015-08-04T09:32:32.000000000Z
693	2498.2eb4: ChangeTime: 2015-09-25T06:34:25.407743600Z
694	2498.2eb4: FileAttributes: 0x20
695	2498.2eb4: Size: 0x3d3b0
696	2498.2eb4: NT Headers: 0xe0
697	2498.2eb4: Timestamp: 0x55c086ac
698	2498.2eb4: Machine: 0x8664 - amd64
699	2498.2eb4: Timestamp: 0x55c086ac
700	2498.2eb4: Image Version: 6.2
701	2498.2eb4: SizeOfImage: 0x3e000 (253952)
702	2498.2eb4: Resource Dir: 0x3c000 LB 0x52c
703	2498.2eb4: ProductName: AVG Internet Security
704	2498.2eb4: ProductVersion: 15.0.0.6132
705	2498.2eb4: FileVersion: 15.0.0.6132
706	2498.2eb4: SpecialBuild: AvCompile_2015_0804_112815(6132), SVNRev cbac1c769cb9b6888db1f1065b4133bf3c9ce40f (release/SmallUpdate2015-08_beta), av
707	2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER
708	2498.2eb4: FileDescription: AVG Resident Shield Minifilter Driver
709	2498.2eb4: \SystemRoot\System32\drivers\avgidsdrivera.sys:
710	2498.2eb4: CreationTime: 2015-08-19T09:52:30.000000000Z
711	2498.2eb4: LastWriteTime: 2015-08-19T09:52:30.000000000Z
712	2498.2eb4: ChangeTime: 2015-09-25T06:34:26.104269300Z
713	2498.2eb4: FileAttributes: 0x20
714	2498.2eb4: Size: 0x4c7b0
715	2498.2eb4: NT Headers: 0xe8
716	2498.2eb4: Timestamp: 0x55d451da
717	2498.2eb4: Machine: 0x8664 - amd64
718	2498.2eb4: Timestamp: 0x55d451da
719	2498.2eb4: Image Version: 6.2
720	2498.2eb4: SizeOfImage: 0x53000 (339968)
721	2498.2eb4: Resource Dir: 0x51000 LB 0x554
722	2498.2eb4: ProductName: AVG Internet Security
723	2498.2eb4: ProductVersion: 15.0.0.6137
724	2498.2eb4: FileVersion: 15.0.0.6137
725	2498.2eb4: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av
726	2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER
727	2498.2eb4: FileDescription: AVG IDS Application Activity Monitor Driver.
728	2498.2eb4: \SystemRoot\System32\drivers\avgidsha.sys:
729	2498.2eb4: CreationTime: 2015-08-19T09:53:56.000000000Z
730	2498.2eb4: LastWriteTime: 2015-08-19T09:53:56.000000000Z
731	2498.2eb4: ChangeTime: 2015-09-25T06:34:26.026140600Z
732	2498.2eb4: FileAttributes: 0x20
733	2498.2eb4: Size: 0x48bb0
734	2498.2eb4: NT Headers: 0xd8
735	2498.2eb4: Timestamp: 0x55d45230
736	2498.2eb4: Machine: 0x8664 - amd64
737	2498.2eb4: Timestamp: 0x55d45230
738	2498.2eb4: Image Version: 6.2
739	2498.2eb4: SizeOfImage: 0x49000 (299008)
740	2498.2eb4: Resource Dir: 0x47000 LB 0x548
741	2498.2eb4: ProductName: AVG Internet Security
742	2498.2eb4: ProductVersion: 15.0.0.6137
743	2498.2eb4: FileVersion: 15.0.0.6137
744	2498.2eb4: SpecialBuild: AvCompile_2015_0819_113418(6137), SVNRev 7ade868631072664eb184732ae422a4307e58f68 (release/SmallUpdate2015-08_release), av
745	2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER
746	2498.2eb4: FileDescription: AVG Application Activity Monitor Helper Driver
747	2498.2eb4: \SystemRoot\System32\drivers\avgloga.sys:
748	2498.2eb4: CreationTime: 2015-05-07T11:50:22.000000000Z
749	2498.2eb4: LastWriteTime: 2015-05-07T11:50:22.000000000Z
750	2498.2eb4: ChangeTime: 2015-09-25T06:34:23.767034300Z
751	2498.2eb4: FileAttributes: 0x20
752	2498.2eb4: Size: 0x5c5e0
753	2498.2eb4: NT Headers: 0xf0
754	2498.2eb4: Timestamp: 0x554b5179
755	2498.2eb4: Machine: 0x8664 - amd64
756	2498.2eb4: Timestamp: 0x554b5179
757	2498.2eb4: Image Version: 6.2
758	2498.2eb4: SizeOfImage: 0x5b000 (372736)
759	2498.2eb4: Resource Dir: 0x59000 LB 0x4ec
760	2498.2eb4: ProductName: AVG Internet Security
761	2498.2eb4: ProductVersion: 15.0.0.5957
762	2498.2eb4: FileVersion: 15.0.0.5957
763	2498.2eb4: SpecialBuild: AvCompile_2015_0507_134328(5957), SVNRev bcddc515e1405c8e35481b16de334020e451ec3e (release/HotFix2015-05), av
764	2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER
765	2498.2eb4: FileDescription: AVG Logging Driver
766	2498.2eb4: \SystemRoot\System32\drivers\avgldx64.sys:
767	2498.2eb4: CreationTime: 2015-06-16T13:55:04.000000000Z
768	2498.2eb4: LastWriteTime: 2015-06-16T13:55:04.000000000Z
769	2498.2eb4: ChangeTime: 2015-09-25T06:34:23.970170200Z
770	2498.2eb4: FileAttributes: 0x20
771	2498.2eb4: Size: 0x3f3e0
772	2498.2eb4: NT Headers: 0xe0
773	2498.2eb4: Timestamp: 0x55802aaf
774	2498.2eb4: Machine: 0x8664 - amd64
775	2498.2eb4: Timestamp: 0x55802aaf
776	2498.2eb4: Image Version: 6.2
777	2498.2eb4: SizeOfImage: 0x42000 (270336)
778	2498.2eb4: Resource Dir: 0x40000 LB 0x50c
779	2498.2eb4: ProductName: AVG Internet Security
780	2498.2eb4: ProductVersion: 15.0.0.6055
781	2498.2eb4: FileVersion: 15.0.0.6055
782	2498.2eb4: SpecialBuild: AvCompile_2015_0616_154836(6055), SVNRev 309d50c06d2885375935ac1c0a79cdb255cb7045 (release/SmallUpdate2015-06_beta), av
783	2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER
784	2498.2eb4: FileDescription: AVG AVI Loader Driver
785	2498.2eb4: \SystemRoot\System32\drivers\avgdiska.sys:
786	2498.2eb4: CreationTime: 2015-03-11T10:16:06.000000000Z
787	2498.2eb4: LastWriteTime: 2015-03-11T10:16:06.000000000Z
788	2498.2eb4: ChangeTime: 2015-09-25T06:34:26.307403800Z
789	2498.2eb4: FileAttributes: 0x20
790	2498.2eb4: Size: 0x27be0
791	2498.2eb4: NT Headers: 0xe0
792	2498.2eb4: Timestamp: 0x550015e3
793	2498.2eb4: Machine: 0x8664 - amd64
794	2498.2eb4: Timestamp: 0x550015e3
795	2498.2eb4: Image Version: 6.2
796	2498.2eb4: SizeOfImage: 0x29000 (167936)
797	2498.2eb4: Resource Dir: 0x27000 LB 0x4e0
798	2498.2eb4: ProductName: AVG Internet Security
799	2498.2eb4: ProductVersion: 15.0.0.5902
800	2498.2eb4: FileVersion: 15.0.0.5902
801	2498.2eb4: SpecialBuild: AvCompile_2015_0311_110513(5902), SVNRev d57888a6d0541615b2b2c643813a0b67abc3acba (av/devel), av
802	2498.2eb4: PrivateBuild: x64 Release_Unicode_DRIVER
803	2498.2eb4: FileDescription: AVG File Vault Driver
804	2498.2eb4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
805	2498.2eb4: Calling main()
806	2498.2eb4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
807	2498.2eb4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
808	2498.2eb4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
809	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
810	2498.2eb4: SUPR3HardenedMain: Final process, opening VBoxDrv...
811	2498.2eb4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000de0000 LB 0x400000)
812	2498.2eb4: supR3HardNtEnableThreadCreation:
813	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
814	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
815	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
816	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
817	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc341c0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
818	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
819	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
820	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
821	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc341c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
822	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
823	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
824	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc341c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
825	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc341c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
826	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
827	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
828	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
829	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
830	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wintrust.dll)
831	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wintrust.dll
832	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
833	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
834	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll)
835	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
836	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
837	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
838	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
839	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
840	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\crypt32.dll)
841	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\crypt32.dll
842	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
843	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
844	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msasn1.dll)
845	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msasn1.dll
846	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
847	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
848	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll)
849	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
850	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
851	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
852	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
853	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
854	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
855	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
856	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
857	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc41fc0000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
858	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
859	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f600000 LB 0x00011000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
860	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
861	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3fe10000 LB 0x001c1000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
862	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
863	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc41e90000 LB 0x00126000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
864	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
865	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc401c0000 LB 0x00054000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
866	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
867	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\WINDOWS\system32\Wintrust.dll'
868	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll)
869	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
870	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
871	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
872	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f4b0000 LB 0x00028000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
873	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
874	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f4b0000 'C:\WINDOWS\system32\bcrypt.dll'
875	2498.2eb4: bcrypt.dll loaded at 00007ffc3f4b0000, BCryptOpenAlgorithmProvider at 00007ffc3f4b4a00, preloading providers:
876	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll)
877	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll
878	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
879	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
880	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f3a0000 LB 0x0006b000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
881	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
882	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f3a0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
883	2498.2eb4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001279a40)
884	2498.2eb4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000127a100)
885	2498.2eb4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000127a3d0)
886	2498.2eb4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000127a730)
887	2498.2eb4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000127b250)
888	2498.2eb4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000127b560)
889	2498.2eb4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000127b870)
890	2498.2eb4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000127bb40)
891	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
892	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
893	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
894	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
895	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
896	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
897	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
898	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
899	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
900	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
901	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
902	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
903	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
904	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
905	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
906	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
907	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
908	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
909	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
910	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
911	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
912	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
913	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptsp.dll)
914	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptsp.dll
915	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3ee20000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
916	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
917	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
918	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rsaenh.dll)
919	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
920	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
921	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
922	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
923	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
924	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
925	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
926	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
927	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
928	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3ea00000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
929	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
930	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
931	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
932	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptbase.dll)
933	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptbase.dll
934	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3ef90000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
935	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
936	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
937	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
938	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
939	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
940	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
941	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\kernel32.dll'
942	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
943	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
944	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
945	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
946	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\CRYPT32.dll'
947	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc403d0000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
948	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
949	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imagehlp.dll)
950	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imagehlp.dll
951	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
952	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
953	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
954	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
955	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
956	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
957	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42640000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
958	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
959	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
960	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
961	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
962	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
963	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gpapi.dll)
964	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gpapi.dll
965	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3e4a0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
966	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
967	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f580000 LB 0x00013000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
968	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\profapi.dll)
969	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\profapi.dll
970	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
971	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
972	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'wldap32.dll'.
973	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\cryptnet.dll)
974	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptnet.dll
975	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
976	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume5\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
977	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
978	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\Wldap32.dll)
979	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\Wldap32.dll
980	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
981	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
982	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
983	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
984	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
985	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
986	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
987	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
988	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
989	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
990	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
991	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
992	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
993	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
994	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
995	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
996	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
997	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
998	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
999	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1000	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42a80000 LB 0x0005b000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0]
1001	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1002	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc267b0000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
1003	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1004	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1005	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1006	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll'
1007	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1008	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1009	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll'
1010	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1011	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1012	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll'
1013	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1014	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1015	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll'
1016	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1017	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1018	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll'
1019	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1020	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1021	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll'
1022	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1023	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll'
1024	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1025	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll'
1026	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1027	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll'
1028	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1029	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll'
1030	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1031	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll'
1032	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\WINDOWS\system32\cryptnet.dll'
1033	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1034	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267b0000 'C:\Windows\System32\cryptnet.dll'
1035	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc40520000 LB 0x000a6000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0]
1036	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1037	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
1038	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
1039	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll)
1040	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll
1041	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1042	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1043	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1044	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1045	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
1046	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
1047	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1048	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1049	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1050	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1051	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1052	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1053	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1054	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1055	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1056	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1057	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012bca70
1058	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
1059	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=311B4CDD9B998ED36E8EA94DCB004D809301CC36
1060	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1061	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1062	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc41e90000 'C:\WINDOWS\system32\rpcrt4.dll'
1063	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1064	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
1065	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1066	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
1067	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1068	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
1069	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1070	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
1071	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1072	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
1073	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1074	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
1075	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1076	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1077	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\Windows\System32\WINTRUST.DLL'
1078	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1079	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1080	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1081	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1082	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1083	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1084	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_555_for_KB3081455~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
1085	2498.2eb4: g_pfnWinVerifyTrust=00007ffc401c8890
1086	2498.2eb4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1087	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1088	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1089	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1090	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1091	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1092	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1093	2498.2eb4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\crypt32.dll'
1094	2498.2eb4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1095	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1096	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1097	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1098	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
1099	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1100	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1101	2498.2eb4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\wintrust.dll'
1102	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1103	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1104	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1105	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1106	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\advapi32.dll'
1107	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume5\Windows\System32\Wldap32.dll
1108	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
1109	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
1110	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E30C00BB3189B639214835B4F4C320DEC5BFA77
1111	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1112	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1113	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1114	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\Wldap32.dll'
1115	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1116	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\Wldap32.dll'
1117	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume5\Windows\System32\cryptnet.dll
1118	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
1119	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
1120	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5997BB270A09A76A71A9EE8A7ADB154F3D75EEF3
1121	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1122	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1123	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1124	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\cryptnet.dll'
1125	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1126	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptnet.dll'
1127	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1128	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1129	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1130	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\profapi.dll'
1131	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1132	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1133	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1134	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gpapi.dll'
1135	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1136	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1137	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1138	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\sechost.dll'
1139	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1140	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1141	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1142	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imagehlp.dll'
1143	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1144	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1145	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
1146	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1147	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1148	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptbase.dll'
1149	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1150	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1151	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1152	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1153	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rsaenh.dll'
1154	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1155	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1156	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptsp.dll'
1157	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1158	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1159	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll'
1160	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1161	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1162	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll'
1163	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1164	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1165	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll'
1166	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1167	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1168	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msasn1.dll'
1169	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1170	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1171	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll'
1172	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1173	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1174	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1175	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe'
1176	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1177	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1178	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\KernelBase.dll'
1179	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1180	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1181	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kernel32.dll'
1182	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1183	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1184	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1185	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1186	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
1187	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1188	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x987869d3679da00 CN=ClockworkMod
1189	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1190	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x5fc0d803a95dc700 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies
1191	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1192	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1193	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1194	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x9b24d19bd616cb00 CN=localhost, O=Skype Click to Call, OU=Skype Click to Call
1195	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1196	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1197	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1198	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1199	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1200	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1201	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1202	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1203	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1204	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1205	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1206	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1207	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
1208	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
1209	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1210	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1211	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1212	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
1213	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1214	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1215	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1216	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
1217	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1218	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1219	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1220	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1221	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
1222	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2262f09375bd00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
1223	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1224	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1225	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1226	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1227	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1228	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1229	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1230	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xdd80d271558fb700 O=RSA Security Inc, OU=RSA Security 2048 V3
1231	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1232	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
1233	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1234	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1235	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1236	2498.2eb4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1237	2498.2eb4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=54
1238	2498.2eb4: SUPR3HardenedMain: Load Runtime...
1239	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1240	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1241	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1242	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1243	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1244	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1245	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1246	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1247	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1248	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
1249	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1250	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1251	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1252	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1253	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
1254	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1255	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll) WinVerifyTrust
1256	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
1257	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1258	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1259	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1260	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1261	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
1262	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1263	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1264	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\nsi.dll'.
1265	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\nsi.dll)
1266	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\nsi.dll
1267	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1268	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1269	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1270	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
1271	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1272	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1273	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1274	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1275	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1276	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll)
1277	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
1278	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1279	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1280	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1281	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1282	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1283	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
1284	2498.2eb4: supR3HardenedDllNotificationCallback: load 0000000058b90000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1285	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1286	2498.2eb4: supR3HardenedDllNotificationCallback: load 0000000058af0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1287	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
1288	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc40610000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
1289	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
1290	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc403f0000 LB 0x00069000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
1291	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
1292	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc11e00000 LB 0x0054b000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1293	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1294	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1295	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1296	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\nsi.dll'.
1297	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rescheduled]
1298	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1299	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1300	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1301	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1302	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1303	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1304	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1305	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1306	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1307	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1308	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1309	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1310	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1311	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1312	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1313	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1314	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1315	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1316	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1317	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1318	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1319	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1320	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1321	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1322	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1323	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1324	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1325	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1326	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1327	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1328	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1329	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1330	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1331	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1332	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1333	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1334	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1335	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1336	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1337	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1338	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1339	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1340	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1341	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1342	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1343	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1344	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1345	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1346	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11e00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1347	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc401c0000 'C:\WINDOWS\system32\Wintrust.dll'
1348	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1349	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1350	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
1351	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1352	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1353	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1354	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1355	2498.2eb4: SUPR3HardenedMain: Load TrustedMain...
1356	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1357	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1358	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1359	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1360	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1361	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1362	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1363	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1364	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1365	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1366	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1367	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1368	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1369	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1370	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1371	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1372	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1373	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1374	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll
1375	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1376	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1377	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1378	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1379	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1380	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
1381	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
1382	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmm.dll) WinVerifyTrust
1383	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmm.dll
1384	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1385	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1386	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c8 pwszName=\Device\HarddiskVolume5\Windows\System32\comdlg32.dll
1387	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
1388	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
1389	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=857477BEC0F0F69A9C4898B3680E207E94733C3F
1390	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1391	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1392	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\user32.dll'.
1393	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
1394	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll)
1395	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll
1396	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1397	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1398	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
1399	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1400	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1401	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll'.
1402	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1403	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
1404	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmmbase.dll)
1405	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmmbase.dll
1406	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1407	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume5\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1408	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\devobj.dll'.
1409	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1410	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
1411	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\devobj.dll)
1412	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\devobj.dll
1413	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1414	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1415	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1416	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1417	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
1418	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
1419	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll)
1420	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll
1421	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1422	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1423	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1424	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1425	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1426	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll'.
1427	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll)
1428	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
1429	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1430	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1431	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1432	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
1433	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1434	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1435	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_207_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\comdlg32.dll'
1436	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1437	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1438	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
1439	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
1440	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
1441	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
1442	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
1443	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\comdlg32.dll) WinVerifyTrust
1444	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
1445	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1446	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1447	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1448	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1449	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'.
1450	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1451	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'user32.dll'.
1452	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'gdi32.dll'.
1453	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll)
1454	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll
1455	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1456	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1457	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'.
1458	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1459	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1460	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1461	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\comctl32.dll)
1462	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comctl32.dll
1463	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1464	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1465	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1466	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1467	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1468	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll'.
1469	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1470	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
1471	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
1472	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll)
1473	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
1474	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1475	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1476	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1477	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1478	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1479	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1480	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1481	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1482	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1483	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1484	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1485	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1486	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1487	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1488	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1489	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1490	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1491	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1492	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1493	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1494	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1495	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
1496	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1497	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1498	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1499	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1500	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1501	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1502	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1503	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1504	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1505	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1506	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1507	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
1508	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1509	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll) WinVerifyTrust
1510	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
1511	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1512	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1513	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1514	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1515	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
1516	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1517	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1518	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
1519	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1520	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
1521	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\combase.dll)
1522	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\combase.dll
1523	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1524	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1525	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1526	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1527	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1528	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1529	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1530	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1531	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1532	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
1533	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
1534	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
1535	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
1536	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll) WinVerifyTrust
1537	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll
1538	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1539	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1540	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [redoing WinVerifyTrust]
1541	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1542	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1543	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust]
1544	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1545	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1546	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1547	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1548	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1549	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1550	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1551	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1552	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1553	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1554	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
1555	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1556	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1557	2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll'
1558	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1559	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1560	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
1561	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1562	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1563	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1564	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1565	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1566	2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'
1567	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1568	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1569	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [redoing WinVerifyTrust]
1570	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1571	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1572	2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\user32.dll'
1573	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1574	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1575	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1576	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1577	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1578	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1579	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1580	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1581	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1582	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
1583	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1584	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1585	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1586	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1587	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1588	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1589	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1590	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1591	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
1592	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1593	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1594	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1595	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1596	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1597	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1598	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
1599	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1600	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1601	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1602	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
1603	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1604	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1605	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1606	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1607	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1608	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1609	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1610	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1611	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1612	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1613	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1614	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1615	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1616	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
1617	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1618	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1619	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1620	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll
1621	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1622	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1623	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll
1624	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1625	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1626	2498.2eb4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'.
1627	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1628	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1629	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1630	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1631	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1632	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1633	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\opengl32.dll)
1634	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\opengl32.dll
1635	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1636	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1637	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1638	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume5\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1639	2498.2eb4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\ddraw.dll'.
1640	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1641	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
1642	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'.
1643	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'dciman32.dll'.
1644	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\ddraw.dll)
1645	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ddraw.dll
1646	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1647	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1648	2498.2eb4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\glu32.dll'.
1649	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1650	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1651	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1652	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\glu32.dll)
1653	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\glu32.dll
1654	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1655	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1656	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll
1657	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1658	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1659	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
1660	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1661	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1662	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1663	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1664	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1665	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1666	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1667	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
1668	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1669	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1670	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
1671	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1672	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1673	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
1674	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1675	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1676	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
1677	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1678	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1679	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1680	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1681	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
1682	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1683	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1684	2498.2eb4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\winspool.drv'.
1685	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1686	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
1687	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\winspool.drv)
1688	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winspool.drv
1689	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1690	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1691	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
1692	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1693	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1694	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
1695	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1696	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'msctf.dll'.
1697	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imm32.dll)
1698	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imm32.dll
1699	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1700	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1701	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
1702	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1703	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1704	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
1705	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1706	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1707	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1708	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1709	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1710	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1711	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1712	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
1713	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1714	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1715	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
1716	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1717	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1718	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
1719	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1720	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1721	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
1722	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1723	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1724	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
1725	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume5\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
1726	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msctf.dll'.
1727	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1728	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1729	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
1730	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
1731	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msctf.dll)
1732	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msctf.dll
1733	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1734	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1735	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1736	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1737	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
1738	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1739	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1740	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1741	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1742	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1743	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1744	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1745	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1746	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1747	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1748	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume5\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1749	2498.2eb4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\dciman32.dll'.
1750	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1751	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1752	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1753	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\dciman32.dll)
1754	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dciman32.dll
1755	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1756	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1757	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1758	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1759	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1760	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1761	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1762	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1763	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1764	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1765	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1766	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1767	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1768	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1769	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1770	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1771	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1772	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1773	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1774	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll
1775	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1776	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1777	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1778	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1779	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1780	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1781	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll) WinVerifyTrust
1782	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1783	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1784	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1785	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
1786	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1787	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1788	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1789	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1790	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1791	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
1792	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1793	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1794	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
1795	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1796	2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
1797	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1798	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1799	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
1800	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1801	2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
1802	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1803	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1804	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1805	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1806	2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'
1807	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1808	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1809	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
1810	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1811	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1812	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1813	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1814	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1815	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000450 pwszName=\Device\HarddiskVolume5\Windows\System32\opengl32.dll
1816	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
1817	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
1818	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F0CC8DA0E67C8C01864C0783FA867C4BDCE0AAA
1819	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1820	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1821	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\opengl32.dll'
1822	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1823	2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'
1824	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1825	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll
1826	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
1827	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1828	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1829	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1830	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1831	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1832	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1833	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1834	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll)
1835	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll
1836	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
1837	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1838	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1839	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1840	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1841	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1842	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1843	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42340000 LB 0x0014e000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
1844	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc421b0000 LB 0x00186000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
1845	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc28450000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
1846	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1847	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc28130000 LB 0x000f6000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
1848	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1849	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc28460000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1850	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1851	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc28230000 LB 0x00128000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1852	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
1853	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42750000 LB 0x0027c000 C:\WINDOWS\system32\combase.dll [fFlags=0x0]
1854	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1855	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42060000 LB 0x00141000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
1856	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
1857	2498.2eb4: supR3HardenedDllNotificationCallback: load 0000000058810000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1858	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1859	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3fd00000 LB 0x000b3000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0]
1860	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1861	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'combase.dll'.
1862	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\SHCore.dll)
1863	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\SHCore.dll
1864	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42490000 LB 0x00051000 C:\WINDOWS\system32\shlwapi.dll [fFlags=0x0]
1865	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1866	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc2f1a0000 LB 0x000aa000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\COMCTL32.dll [fFlags=0x0]
1867	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [avoiding WinVerifyTrust]
1868	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f5f0000 LB 0x0000f000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0]
1869	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
1870	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1871	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll)
1872	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll
1873	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f5a0000 LB 0x0004a000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0]
1874	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1875	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
1876	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\powrprof.dll)
1877	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\powrprof.dll
1878	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3f620000 LB 0x00629000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0]
1879	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1880	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
1881	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
1882	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'profapi.dll'.
1883	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\windows.storage.dll)
1884	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\windows.storage.dll
1885	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc40620000 LB 0x01522000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
1886	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
1887	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc42560000 LB 0x000d7000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
1888	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
1889	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc40460000 LB 0x000be000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
1890	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
1891	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc41d30000 LB 0x0015c000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
1892	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
1893	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc405d0000 LB 0x00036000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0]
1894	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1895	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3fdc0000 LB 0x00044000 C:\WINDOWS\system32\cfgmgr32.dll [fFlags=0x0]
1896	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
1897	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3def0000 LB 0x00027000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
1898	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1899	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3dba0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1900	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1901	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3dbd0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1902	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
1903	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc2ef60000 LB 0x00084000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1904	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1905	2498.2eb4: supR3HardenedDllNotificationCallback: load 0000000057ea0000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1906	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1907	2498.2eb4: supR3HardenedDllNotificationCallback: load 00000000593d0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
1908	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1909	2498.2eb4: supR3HardenedDllNotificationCallback: load 0000000058e40000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1910	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1911	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc0fe20000 LB 0x00ab9000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1912	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll
1913	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\windows.storage.dll'.
1914	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\windows.storage.dll' [rescheduled]
1915	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\powrprof.dll'.
1916	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\powrprof.dll' [rescheduled]
1917	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll'.
1918	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll' [rescheduled]
1919	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\SHCore.dll'.
1920	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\SHCore.dll' [rescheduled]
1921	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'.
1922	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [rescheduled]
1923	2498.2eb4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\dciman32.dll'.
1924	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dciman32.dll' [rescheduled]
1925	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msctf.dll'.
1926	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msctf.dll' [rescheduled]
1927	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
1928	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled]
1929	2498.2eb4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\winspool.drv'.
1930	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rescheduled]
1931	2498.2eb4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\glu32.dll'.
1932	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rescheduled]
1933	2498.2eb4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\ddraw.dll'.
1934	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\ddraw.dll' [rescheduled]
1935	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
1936	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled]
1937	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll'.
1938	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rescheduled]
1939	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'.
1940	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rescheduled]
1941	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll'.
1942	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rescheduled]
1943	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\devobj.dll'.
1944	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\devobj.dll' [rescheduled]
1945	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll'.
1946	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll' [rescheduled]
1947	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1948	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
1949	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\imm32.dll
1950	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1951	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1952	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll
1953	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1954	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1955	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [redoing WinVerifyTrust]
1956	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
1957	2498.2eb4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\combase.dll
1958	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1959	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1960	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1961	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1962	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1963	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1964	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1965	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1966	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1967	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1968	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1969	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1970	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1971	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1972	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [redoing WinVerifyTrust]
1973	2498.2eb4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
1974	2498.2eb4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\combase.dll
1975	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1976	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1977	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1978	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1979	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1980	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1981	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1982	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1983	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
1984	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1985	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc405d0000 'C:\WINDOWS\system32\imm32.dll'
1986	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0fe20000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1987	2498.2eb4: SUPR3HardenedMain: Calling TrustedMain (00007ffc0fe21910)...
1988	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
1989	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1990	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dbd0000 'C:\WINDOWS\system32\winmm.dll'
1991	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005fc pwszName=\Device\HarddiskVolume5\Windows\System32\uxtheme.dll
1992	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
1993	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
1994	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3717D376EF95470D8C03AD02F97C4DCBCE269CF8
1995	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
1996	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
1997	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_205_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'
1998	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1999	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2000	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
2001	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
2002	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\uxtheme.dll) WinVerifyTrust
2003	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2004	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2005	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2006	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2007	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2008	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2009	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2010	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2011	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2012	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3de50000 LB 0x00096000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
2013	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2014	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3de50000 'C:\WINDOWS\system32\uxtheme.dll'
2015	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000654 pwszName=\Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
2016	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
2017	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
2018	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09FF5B072B6B78D02C4955C2161A8E11ABD90FFC
2019	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2020	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2021	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TabletPC-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
2022	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2023	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2024	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2025	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'user32.dll'.
2026	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'.
2027	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\ink\tiptsf.dll) WinVerifyTrust
2028	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
2029	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
2030	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume5\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
2031	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msctf.dll [redoing WinVerifyTrust]
2032	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2033	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2034	2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msctf.dll'
2035	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2036	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2037	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2038	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2039	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2040	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2041	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2042	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
2043	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc2f970000 LB 0x000a2000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll [fFlags=0x0]
2044	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
2045	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2f970000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
2046	2498.2eb4: \Device\HarddiskVolume5\Program Files (x86)\TeamViewer\tv_x64.dll: Owner is administrators group.
2047	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2048	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
2049	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comctl32.dll'.
2050	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2051	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2052	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
2053	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2054	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files (x86)\TeamViewer\tv_x64.dll) WinVerifyTrust
2055	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files (x86)\TeamViewer\tv_x64.dll
2056	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2057	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2058	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
2059	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2060	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2061	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
2062	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2063	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2064	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll
2065	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2066	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2067	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
2068	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
2069	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\comctl32.dll [redoing WinVerifyTrust]
2070	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2071	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2072	2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'
2073	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2074	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2075	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2076	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2077	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2078	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\version.dll) WinVerifyTrust
2079	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\version.dll
2080	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2081	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2082	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2083	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files (x86)\TeamViewer\tv_x64.dll
2084	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
2085	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc34ac0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
2086	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
2087	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc267e0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2088	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files (x86)\TeamViewer\tv_x64.dll
2089	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc267e0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2090	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
2091	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2092	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40520000 'C:\WINDOWS\system32\advapi32.dll'
2093	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2094	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
2095	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
2096	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\dwmapi.dll)
2097	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
2098	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3d090000 LB 0x00022000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
2099	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
2100	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006ac pwszName=\Device\HarddiskVolume5\Windows\System32\dwmapi.dll
2101	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
2102	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
2103	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71451274041047D99462EA805D3FAD1A9E10F86D
2104	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2105	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2106	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2107	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2108	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2109	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2110	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2111	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2112	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_42_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'
2113	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2114	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'
2115	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
2116	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2117	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40620000 'C:\WINDOWS\system32\shell32.dll'
2118	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
2119	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2120	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\kernel32.dll'
2121	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2122	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2123	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3de50000 'C:\WINDOWS\system32\uxtheme.dll'
2124	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2125	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2126	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3de50000 'C:\WINDOWS\system32\uxtheme.dll'
2127	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
2128	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2129	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
2130	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42340000 'C:\WINDOWS\system32\user32.dll'
2131	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2132	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2133	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3de50000 'C:\WINDOWS\system32\uxtheme.dll'
2134	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42340000 'C:\WINDOWS\system32\user32.dll'
2135	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
2136	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2137	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40520000 'C:\WINDOWS\system32\advapi32.dll'
2138	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2139	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2140	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2141	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2142	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
2143	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\userenv.dll) WinVerifyTrust
2144	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\userenv.dll
2145	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2146	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2147	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll
2148	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2149	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2150	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2151	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2152	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2153	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll
2154	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3ecd0000 LB 0x0001f000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
2155	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll
2156	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ecd0000 'C:\WINDOWS\system32\userenv.dll'
2157	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
2158	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2159	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\kernel32.dll'
2160	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc429d0000 LB 0x000a5000 C:\WINDOWS\system32\clbcatq.dll [fFlags=0x0]
2161	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2162	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
2163	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\clbcatq.dll)
2164	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\clbcatq.dll
2165	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2166	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2167	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
2168	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2169	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2170	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
2171	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2172	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2173	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\clbcatq.dll'
2174	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2175	2498.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2176	2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2177	2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2178	2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
2179	2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2180	2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2181	2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
2182	2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2183	2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
2184	2498.173c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
2185	2498.173c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2186	2498.173c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
2187	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2188	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2189	2498.173c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2190	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2191	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2192	2498.173c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
2193	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2194	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2195	2498.173c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
2196	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2197	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2198	2498.173c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
2199	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2200	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2201	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2202	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2203	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
2204	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
2205	2498.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2206	2498.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2207	2498.173c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\psapi.dll) WinVerifyTrust
2208	2498.173c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\psapi.dll
2209	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2210	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2211	2498.173c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
2212	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2213	2498.173c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2214	2498.173c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
2215	2498.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2216	2498.173c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
2217	2498.173c: supR3HardenedDllNotificationCallback: load 00007ffc42ae0000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0]
2218	2498.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\psapi.dll
2219	2498.173c: supR3HardenedDllNotificationCallback: load 00007ffc26040000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2220	2498.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
2221	2498.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc26040000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2222	2498.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2223	2498.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2224	2498.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40460000 'C:\Windows\System32\oleaut32.dll'
2225	2498.173c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sxs.dll)
2226	2498.173c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sxs.dll
2227	2498.173c: supR3HardenedDllNotificationCallback: load 00007ffc3f410000 LB 0x00098000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
2228	2498.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
2229	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2230	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2231	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\sxs.dll'
2232	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2233	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2234	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40460000 'C:\WINDOWS\system32\OLEAUT32.dll'
2235	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
2236	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2237	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
2238	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc421b0000 'C:\WINDOWS\system32\gdi32.dll'
2239	2498.1074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2240	2498.1074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2241	2498.1074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2242	2498.1074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2243	2498.1074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2244	2498.1074: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
2245	2498.1074: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2246	2498.1074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2247	2498.1074: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2248	2498.1074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2249	2498.1074: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2250	2498.1074: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2251	2498.1074: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2252	2498.1074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000139 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
2253	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42340000 'C:\WINDOWS\system32\user32.dll'
2254	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
2255	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2256	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40620000 'C:\WINDOWS\system32\shell32.dll'
2257	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc8 pwszName=\Device\HarddiskVolume5\Windows\System32\DataExchange.dll
2258	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
2259	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
2260	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=030BB80F5AC7982FF01AB351589D64E6D4167B3E
2261	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2262	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2263	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\DataExchange.dll'
2264	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2265	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2266	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
2267	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
2268	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd2d1.dll'.
2269	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
2270	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
2271	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DataExchange.dll) WinVerifyTrust
2272	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DataExchange.dll
2273	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
2274	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume5\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
2275	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
2276	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2277	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2278	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2279	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2280	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dcomp.dll) WinVerifyTrust
2281	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dcomp.dll
2282	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2283	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2284	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2285	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2286	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2287	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2288	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2289	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
2290	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\d3d11.dll) WinVerifyTrust
2291	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\d3d11.dll
2292	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd2d1.dll'...
2293	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd2d1.dll' -> '\Device\HarddiskVolume5\Windows\System32\d2d1.dll' [rcNtRedir=0xc0150008]
2294	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba0 pwszName=\Device\HarddiskVolume5\Windows\System32\d2d1.dll
2295	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
2296	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
2297	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA1A7323788F698339FF353F1BA100EF7C556D74
2298	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2299	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2300	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'.
2301	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2302	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
2303	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dxgi.dll)
2304	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dxgi.dll
2305	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2306	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2307	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2308	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2309	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2310	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2311	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2312	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2313	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Graphics-DirectX-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\d2d1.dll'
2314	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2315	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2316	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\d2d1.dll) WinVerifyTrust
2317	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\d2d1.dll
2318	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2319	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2320	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [redoing WinVerifyTrust]
2321	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2322	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2323	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2324	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2325	2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\combase.dll'
2326	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2327	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume5\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2328	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
2329	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2330	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2331	2498.2eb4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\SHCore.dll'
2332	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2333	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2334	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2335	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DataExchange.dll
2336	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d2d1.dll
2337	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll
2338	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dcomp.dll
2339	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2340	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc36b90000 LB 0x00545000 C:\WINDOWS\system32\d2d1.dll [fFlags=0x0]
2341	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d2d1.dll
2342	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3caa0000 LB 0x0009c000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
2343	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2344	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3cb40000 LB 0x002a3000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
2345	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll
2346	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3d7e0000 LB 0x000d1000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
2347	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dcomp.dll
2348	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc2b290000 LB 0x00046000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
2349	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DataExchange.dll
2350	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2b290000 'C:\WINDOWS\system32\dataexchange.dll'
2351	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2352	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2353	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'
2354	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2355	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'userenv.dll'.
2356	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcrypt.dll'.
2357	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2358	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
2359	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll)
2360	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll
2361	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc3df40000 LB 0x000ee000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
2362	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2363	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2364	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2365	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll
2366	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2367	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2368	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2369	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2370	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
2371	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2372	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2373	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll
2374	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2375	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2376	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2377	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2378	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll'
2379	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
2380	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2381	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\kernel32.dll'
2382	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
2383	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2384	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\WINDOWS\system32\dwmapi.dll'
2385	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2386	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2387	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3de50000 'C:\WINDOWS\system32\uxtheme.dll'
2388	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42340000 'C:\WINDOWS\system32\user32.dll'
2389	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
2390	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2391	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc42060000 'C:\WINDOWS\system32\ole32.dll'
2392	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2393	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2394	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc40460000 'C:\WINDOWS\system32\OLEAUT32.dll'
2395	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c94 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
2396	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
2397	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
2398	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA7BAB6C49E4A06208A6E0EE146D0A4385100231
2399	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2400	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2401	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll'
2402	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2403	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2404	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2405	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2406	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2407	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
2408	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2409	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2410	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ca4 pwszName=\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
2411	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
2412	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
2413	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8589CB867869E61D2D0DD902D9F24828D41B3FB4
2414	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2415	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2416	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll'
2417	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2418	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2419	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
2420	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
2421	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll) WinVerifyTrust
2422	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
2423	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2424	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2425	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
2426	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2427	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2428	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2429	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2430	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
2431	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2432	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2433	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
2434	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2435	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2436	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2437	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
2438	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
2439	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc371f0000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2440	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
2441	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc341f0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2442	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
2443	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2444	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ffe0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2445	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc341f0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2446	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c38 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
2447	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
2448	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
2449	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F55A40FEDA5AB0854F7A2A7AE88B827B3F76303B
2450	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2451	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2452	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll'
2453	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2454	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2455	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2456	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2457	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
2458	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2459	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2460	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2461	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2462	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2463	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
2464	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc33a10000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2465	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
2466	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc33a10000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2467	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2468	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ffe0000 'api-ms-win-core-localization-l1-2-0.dll'
2469	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2470	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ffe0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2471	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c44 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
2472	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
2473	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
2474	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E360AD530F1A62ACF9003C6FE3BA6BBD7638D488
2475	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2476	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2477	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll'
2478	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2479	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2480	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2481	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2482	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
2483	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2484	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2485	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
2486	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2487	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2488	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2489	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
2490	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc33d30000 LB 0x000f8000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2491	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
2492	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc33d30000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2493	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d24 pwszName=\Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll
2494	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012bca70
2495	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012bca70
2496	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=16E6BFDCA13CB7F51A7C251687D263D303321EBA
2497	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2498	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2499	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_181_for_KB3081444~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll'
2500	2498.2eb4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2501	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2502	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2503	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
2504	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'userenv.dll'.
2505	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll) WinVerifyTrust
2506	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll
2507	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2508	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2509	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll
2510	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2511	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2512	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2513	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2514	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2515	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2516	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2517	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\uiautomationcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2518	2498.2eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll
2519	2498.2eb4: supR3HardenedDllNotificationCallback: load 00007ffc36540000 LB 0x0014c000 C:\Windows\System32\uiautomationcore.dll [fFlags=0x0]
2520	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll
2521	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36540000 'C:\Windows\System32\uiautomationcore.dll'
2522	2498.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\UIAutomationCore.dll
2523	2498.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\UIAutomationCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2524	2498.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36540000 'C:\Windows\System32\UIAutomationCore.dll'
2525	2498.199c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2526	2498.199c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2527	2498.199c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2528	2498.199c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2529	2498.199c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2530	2498.199c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2531	2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2532	2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2533	2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2534	2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2535	2498.199c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2536	2498.199c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2537	2498.199c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2538	2498.199c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2539	2498.199c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2540	2498.199c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll
2541	2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2542	2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2543	2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2544	2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2545	2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2546	2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2547	2498.199c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2548	2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2549	2498.199c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2550	2498.199c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2551	2498.199c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2552	2498.199c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll
2553	2498.199c: supR3HardenedDllNotificationCallback: load 0000000058d30000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2554	2498.199c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll
2555	2498.199c: supR3HardenedDllNotificationCallback: load 00007ffc11510000 LB 0x00293000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2556	2498.199c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2557	2498.199c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11510000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2558	2498.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2559	2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
2560	2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
2561	2498.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys)
2562	2498.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys
2563	2498.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
2564	2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2565	2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2566	2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2567	2498.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetLwf.sys)
2568	2498.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetLwf.sys
2569	2498.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
2570	2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2571	2498.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\VBoxUSBMon.sys)
2572	2498.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxUSBMon.sys
2573	2498.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
2574	2498.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2575	2498.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\VBoxDrv.sys)
2576	2498.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxDrv.sys
2577	2498.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
2578	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2579	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2580	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe'.
2581	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'.
2582	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'pshed.dll'.
2583	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
2584	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
2585	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ci.dll'.
2586	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msrpc.sys'.
2587	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe)
2588	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe
2589	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2590	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2591	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2592	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2593	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2594	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys'.
2595	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2596	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2597	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
2598	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys)
2599	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\netio.sys
2600	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2601	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2602	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys'.
2603	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2604	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2605	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2606	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wpprecorder.sys'.
2607	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys)
2608	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys
2609	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2610	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2611	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2612	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2613	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2614	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2615	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2616	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2617	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
2618	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wpprecorder.sys'...
2619	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wpprecorder.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\wpprecorder.sys' [rcNtRedir=0xc0150008]
2620	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\drivers\WppRecorder.sys'.
2621	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2622	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\WppRecorder.sys)
2623	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\WppRecorder.sys
2624	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2625	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2626	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
2627	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2628	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2629	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\hal.dll'.
2630	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2631	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
2632	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
2633	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\hal.dll)
2634	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\hal.dll
2635	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2636	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2637	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2638	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
2639	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
2640	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys'.
2641	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2642	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys)
2643	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys
2644	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2645	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2646	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
2647	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2648	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2649	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2650	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
2651	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
2652	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
2653	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume5\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
2654	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\ci.dll'.
2655	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2656	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2657	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ci.dll)
2658	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ci.dll
2659	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2660	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume5\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2661	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\kdcom.dll'.
2662	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2663	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2664	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kdcom.dll)
2665	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kdcom.dll
2666	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
2667	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume5\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
2668	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\BOOTVID.DLL'.
2669	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2670	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\BOOTVID.DLL)
2671	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\BOOTVID.DLL
2672	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2673	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume5\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2674	2498.2eb4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\PSHED.DLL'.
2675	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2676	2498.2eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2677	2498.2eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\PSHED.DLL)
2678	2498.2eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\PSHED.DLL
2679	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2680	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2681	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\hal.dll [lacks WinVerifyTrust]
2682	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2683	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2684	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\hal.dll [lacks WinVerifyTrust]
2685	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2686	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2687	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2688	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2689	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2690	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2691	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2692	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2693	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\hal.dll [lacks WinVerifyTrust]
2694	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2695	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2696	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2697	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2698	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2699	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\hal.dll [lacks WinVerifyTrust]
2700	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2701	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2702	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2703	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2704	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2705	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2706	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2707	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume5\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2708	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
2709	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2710	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume5\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2711	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
2712	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2713	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2714	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2715	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2716	2498.2eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2717	2498.2eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2718	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2719	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\VBoxDrv.sys'
2720	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2721	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\VBoxUSBMon.sys'
2722	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2723	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetLwf.sys'
2724	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2725	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys'
2726	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2727	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2728	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\PSHED.DLL'
2729	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2730	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2731	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\BOOTVID.DLL'
2732	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2733	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
2734	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2735	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2736	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kdcom.dll'
2737	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2738	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2739	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ci.dll'
2740	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2741	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2742	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys'
2743	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2744	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2745	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\hal.dll'
2746	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2747	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2748	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\WppRecorder.sys'
2749	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2750	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2751	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys'
2752	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2753	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2754	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys'
2755	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ea00000 'C:\WINDOWS\system32\rsaenh.dll'
2756	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fe10000 'C:\WINDOWS\system32\crypt32.dll'
2757	2498.2eb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe'
2758	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
2759	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\SYSTEM32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2760	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\WINDOWS\SYSTEM32\dwmapi.dll'
2761	2498.2eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
2762	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2763	2498.2eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc426a0000 'C:\WINDOWS\system32\kernel32.dll'
2764	2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc33a10000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
2765	2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc2b290000 LB 0x00046000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
2766	2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc36b90000 LB 0x00545000 C:\WINDOWS\system32\d2d1.dll [flags=0x0]
2767	2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc3cb40000 LB 0x002a3000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
2768	2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc3caa0000 LB 0x0009c000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
2769	2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc3d7e0000 LB 0x000d1000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
2770	2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc3df40000 LB 0x000ee000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
2771	2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc33d30000 LB 0x000f8000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
2772	2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc341f0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
2773	2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc371f0000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
2774	2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc26040000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
2775	2498.2eb4: supR3HardenedDllNotificationCallback: Unload 00007ffc42ae0000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [flags=0x0]
2776	2498.2eb4: Terminating the normal way: rcExit=1
2777	26dc.3020: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 13673 ms, the end);
2778	a70.1c88: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 14720 ms, the end);

Download in other formats:

Original Format