Ticket #17684: VBoxHardening.log

File VBoxHardening.log, 346.4 KB (added by rafinnerty, 6 years ago)
VBoxHardening.log

Line
1	798.f6c: Log file opened: 5.2.8r121009 g_hStartupLog=000000000000006c g_uNtVerCombined=0xa03fab00
2	798.f6c: \SystemRoot\System32\ntdll.dll:
3	798.f6c: CreationTime: 2018-04-11T13:18:17.374861500Z
4	798.f6c: LastWriteTime: 2018-03-13T07:02:15.839353900Z
5	798.f6c: ChangeTime: 2018-04-11T14:16:47.914510200Z
6	798.f6c: FileAttributes: 0x20
7	798.f6c: Size: 0x1dd100
8	798.f6c: NT Headers: 0xe0
9	798.f6c: Timestamp: 0xe508fc03
10	798.f6c: Machine: 0x8664 - amd64
11	798.f6c: Timestamp: 0xe508fc03
12	798.f6c: Image Version: 10.0
13	798.f6c: SizeOfImage: 0x1e0000 (1966080)
14	798.f6c: Resource Dir: 0x174000 LB 0x6a1d8
15	798.f6c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16	798.f6c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17	798.f6c: ProductName: Microsoft® Windows® Operating System
18	798.f6c: ProductVersion: 10.0.16299.334
19	798.f6c: FileVersion: 10.0.16299.334 (WinBuild.160101.0800)
20	798.f6c: FileDescription: NT Layer DLL
21	798.f6c: \SystemRoot\System32\kernel32.dll:
22	798.f6c: CreationTime: 2017-09-29T13:42:04.954227600Z
23	798.f6c: LastWriteTime: 2017-09-29T13:42:04.954227600Z
24	798.f6c: ChangeTime: 2018-04-11T14:17:44.610006000Z
25	798.f6c: FileAttributes: 0x20
26	798.f6c: Size: 0xab868
27	798.f6c: NT Headers: 0xe8
28	798.f6c: Timestamp: 0xc2cf900
29	798.f6c: Machine: 0x8664 - amd64
30	798.f6c: Timestamp: 0xc2cf900
31	798.f6c: Image Version: 10.0
32	798.f6c: SizeOfImage: 0xae000 (712704)
33	798.f6c: Resource Dir: 0xac000 LB 0x520
34	798.f6c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35	798.f6c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36	798.f6c: ProductName: Microsoft® Windows® Operating System
37	798.f6c: ProductVersion: 10.0.16299.15
38	798.f6c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
39	798.f6c: FileDescription: Windows NT BASE API Client DLL
40	798.f6c: \SystemRoot\System32\KernelBase.dll:
41	798.f6c: CreationTime: 2018-04-11T13:18:12.592545800Z
42	798.f6c: LastWriteTime: 2018-03-30T05:08:26.893801200Z
43	798.f6c: ChangeTime: 2018-04-11T14:17:47.885705500Z
44	798.f6c: FileAttributes: 0x20
45	798.f6c: Size: 0x265c00
46	798.f6c: NT Headers: 0xf0
47	798.f6c: Timestamp: 0x6369e29f
48	798.f6c: Machine: 0x8664 - amd64
49	798.f6c: Timestamp: 0x6369e29f
50	798.f6c: Image Version: 10.0
51	798.f6c: SizeOfImage: 0x266000 (2514944)
52	798.f6c: Resource Dir: 0x245000 LB 0x548
53	798.f6c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54	798.f6c: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55	798.f6c: ProductName: Microsoft® Windows® Operating System
56	798.f6c: ProductVersion: 10.0.16299.371
57	798.f6c: FileVersion: 10.0.16299.371 (WinBuild.160101.0800)
58	798.f6c: FileDescription: Windows NT BASE API Client DLL
59	798.f6c: \SystemRoot\System32\apisetschema.dll:
60	798.f6c: CreationTime: 2017-09-29T13:42:07.095026600Z
61	798.f6c: LastWriteTime: 2017-09-29T13:42:07.095026600Z
62	798.f6c: ChangeTime: 2018-04-12T18:46:56.532224100Z
63	798.f6c: FileAttributes: 0x20
64	798.f6c: Size: 0x1b398
65	798.f6c: NT Headers: 0xc8
66	798.f6c: Timestamp: 0xf30abf31
67	798.f6c: Machine: 0x8664 - amd64
68	798.f6c: Timestamp: 0xf30abf31
69	798.f6c: Image Version: 10.0
70	798.f6c: SizeOfImage: 0x1c000 (114688)
71	798.f6c: Resource Dir: 0x1b000 LB 0x408
72	798.f6c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73	798.f6c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74	798.f6c: ProductName: Microsoft® Windows® Operating System
75	798.f6c: ProductVersion: 10.0.16299.15
76	798.f6c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
77	798.f6c: FileDescription: ApiSet Schema DLL
78	798.f6c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79	798.f6c: supR3HardenedWinFindAdversaries: 0x4
80	798.f6c: \SystemRoot\System32\drivers\aswHwid.sys:
81	798.f6c: CreationTime: 2018-04-10T14:29:19.657340600Z
82	798.f6c: LastWriteTime: 2018-04-10T14:29:09.883548700Z
83	798.f6c: ChangeTime: 2018-04-10T14:29:17.677979500Z
84	798.f6c: FileAttributes: 0x20
85	798.f6c: Size: 0xb778
86	798.f6c: NT Headers: 0xf0
87	798.f6c: Timestamp: 0x5ab01504
88	798.f6c: Machine: 0x8664 - amd64
89	798.f6c: Timestamp: 0x5ab01504
90	798.f6c: Image Version: 6.0
91	798.f6c: SizeOfImage: 0xa000 (40960)
92	798.f6c: Resource Dir: 0x8000 LB 0x388
93	798.f6c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
94	798.f6c: [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
95	798.f6c: ProductName: Avast Antivirus
96	798.f6c: ProductVersion: 18.3.3848.0
97	798.f6c: FileVersion: 18.3.3848.0
98	798.f6c: FileDescription: Avast HWID
99	798.f6c: \SystemRoot\System32\drivers\aswMonFlt.sys:
100	798.f6c: CreationTime: 2018-04-10T14:29:19.660341900Z
101	798.f6c: LastWriteTime: 2018-04-12T18:29:27.419544000Z
102	798.f6c: ChangeTime: 2018-04-12T18:29:27.419544000Z
103	798.f6c: FileAttributes: 0x20
104	798.f6c: Size: 0x23f18
105	798.f6c: NT Headers: 0xe0
106	798.f6c: Timestamp: 0x5acc4cc6
107	798.f6c: Machine: 0x8664 - amd64
108	798.f6c: Timestamp: 0x5acc4cc6
109	798.f6c: Image Version: 6.0
110	798.f6c: SizeOfImage: 0x28000 (163840)
111	798.f6c: Resource Dir: 0x26000 LB 0x3b8
112	798.f6c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
113	798.f6c: [Raw version resource data: 0x26060 LB 0x354, codepage 0x0 (reserved 0x0)]
114	798.f6c: ProductName: Avast Antivirus
115	798.f6c: ProductVersion: 18.3.3860.315
116	798.f6c: FileVersion: 18.3.3860.315
117	798.f6c: FileDescription: Avast File System Minifilter for Windows 2003/Vista
118	798.f6c: \SystemRoot\System32\drivers\aswRdr2.sys:
119	798.f6c: CreationTime: 2018-04-10T14:29:19.651340300Z
120	798.f6c: LastWriteTime: 2018-04-10T14:29:09.495929000Z
121	798.f6c: ChangeTime: 2018-04-10T14:29:17.677979500Z
122	798.f6c: FileAttributes: 0x20
123	798.f6c: Size: 0x1b2f8
124	798.f6c: NT Headers: 0xe8
125	798.f6c: Timestamp: 0x5ab0151a
126	798.f6c: Machine: 0x8664 - amd64
127	798.f6c: Timestamp: 0x5ab0151a
128	798.f6c: Image Version: 6.1
129	798.f6c: SizeOfImage: 0x1a000 (106496)
130	798.f6c: Resource Dir: 0x18000 LB 0x398
131	798.f6c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
132	798.f6c: [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
133	798.f6c: ProductName: Avast Antivirus
134	798.f6c: ProductVersion: 18.3.3848.0
135	798.f6c: FileVersion: 18.3.3848.0 built by: WinDDK
136	798.f6c: FileDescription: Avast WFP Redirect Driver
137	798.f6c: \SystemRoot\System32\drivers\aswRvrt.sys:
138	798.f6c: CreationTime: 2018-04-10T14:29:19.663341600Z
139	798.f6c: LastWriteTime: 2018-04-10T14:29:09.971060300Z
140	798.f6c: ChangeTime: 2018-04-10T14:29:17.678980200Z
141	798.f6c: FileAttributes: 0x20
142	798.f6c: Size: 0x14990
143	798.f6c: NT Headers: 0xe0
144	798.f6c: Timestamp: 0x5ab01509
145	798.f6c: Machine: 0x8664 - amd64
146	798.f6c: Timestamp: 0x5ab01509
147	798.f6c: Image Version: 6.0
148	798.f6c: SizeOfImage: 0x13000 (77824)
149	798.f6c: Resource Dir: 0x11000 LB 0x388
150	798.f6c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
151	798.f6c: [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
152	798.f6c: ProductName: Avast Antivirus
153	798.f6c: ProductVersion: 18.3.3848.0
154	798.f6c: FileVersion: 18.3.3848.0
155	798.f6c: FileDescription: Avast Revert
156	798.f6c: \SystemRoot\System32\drivers\aswSnx.sys:
157	798.f6c: CreationTime: 2018-04-10T14:29:19.647339900Z
158	798.f6c: LastWriteTime: 2018-04-10T14:28:52.602921100Z
159	798.f6c: ChangeTime: 2018-04-10T14:29:17.678980200Z
160	798.f6c: FileAttributes: 0x20
161	798.f6c: Size: 0xfaa88
162	798.f6c: NT Headers: 0xe8
163	798.f6c: Timestamp: 0x5ab01532
164	798.f6c: Machine: 0x8664 - amd64
165	798.f6c: Timestamp: 0x5ab01532
166	798.f6c: Image Version: 6.0
167	798.f6c: SizeOfImage: 0xf8000 (1015808)
168	798.f6c: Resource Dir: 0xf0000 LB 0x378
169	798.f6c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
170	798.f6c: [Raw version resource data: 0xf0060 LB 0x314, codepage 0x0 (reserved 0x0)]
171	798.f6c: ProductName: Avast Antivirus
172	798.f6c: ProductVersion: 18.3.3848.0
173	798.f6c: FileVersion: 18.3.3848.0
174	798.f6c: FileDescription: Avast Virtualization Driver
175	798.f6c: \SystemRoot\System32\drivers\aswsp.sys:
176	798.f6c: CreationTime: 2018-04-10T14:29:19.666341600Z
177	798.f6c: LastWriteTime: 2018-04-10T14:29:10.031568000Z
178	798.f6c: ChangeTime: 2018-04-10T14:29:17.678980200Z
179	798.f6c: FileAttributes: 0x20
180	798.f6c: Size: 0x706e8
181	798.f6c: NT Headers: 0xe0
182	798.f6c: Timestamp: 0x5ab01527
183	798.f6c: Machine: 0x8664 - amd64
184	798.f6c: Timestamp: 0x5ab01527
185	798.f6c: Image Version: 6.0
186	798.f6c: SizeOfImage: 0x72000 (466944)
187	798.f6c: Resource Dir: 0x70000 LB 0x370
188	798.f6c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
189	798.f6c: [Raw version resource data: 0x70060 LB 0x310, codepage 0x0 (reserved 0x0)]
190	798.f6c: ProductName: Avast Antivirus
191	798.f6c: ProductVersion: 18.3.3848.0
192	798.f6c: FileVersion: 18.3.3848.0
193	798.f6c: FileDescription: Avast self protection module
194	798.f6c: \SystemRoot\System32\drivers\aswStm.sys:
195	798.f6c: CreationTime: 2018-04-10T14:29:19.672342400Z
196	798.f6c: LastWriteTime: 2018-04-10T14:29:10.356890200Z
197	798.f6c: ChangeTime: 2018-04-10T14:29:17.679979600Z
198	798.f6c: FileAttributes: 0x20
199	798.f6c: Size: 0x32498
200	798.f6c: NT Headers: 0x110
201	798.f6c: Timestamp: 0x5ab019af
202	798.f6c: Machine: 0x8664 - amd64
203	798.f6c: Timestamp: 0x5ab019af
204	798.f6c: Image Version: 10.0
205	798.f6c: SizeOfImage: 0x33000 (208896)
206	798.f6c: Resource Dir: 0x31000 LB 0x350
207	798.f6c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
208	798.f6c: [Raw version resource data: 0x31060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
209	798.f6c: ProductName: Avast Antivirus
210	798.f6c: ProductVersion: 18.3.3848.0
211	798.f6c: FileVersion: 18.3.3848.0
212	798.f6c: FileDescription: Stream Filter
213	798.f6c: \SystemRoot\System32\drivers\aswVmm.sys:
214	798.f6c: CreationTime: 2018-04-10T14:29:19.669342100Z
215	798.f6c: LastWriteTime: 2018-04-10T14:29:10.107077500Z
216	798.f6c: ChangeTime: 2018-04-10T14:29:17.679979600Z
217	798.f6c: FileAttributes: 0x20
218	798.f6c: Size: 0x5ce70
219	798.f6c: NT Headers: 0xe8
220	798.f6c: Timestamp: 0x5ab0150d
221	798.f6c: Machine: 0x8664 - amd64
222	798.f6c: Timestamp: 0x5ab0150d
223	798.f6c: Image Version: 6.0
224	798.f6c: SizeOfImage: 0x5b000 (372736)
225	798.f6c: Resource Dir: 0x58000 LB 0x390
226	798.f6c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
227	798.f6c: [Raw version resource data: 0x58060 LB 0x330, codepage 0x0 (reserved 0x0)]
228	798.f6c: ProductName: Avast Antivirus
229	798.f6c: ProductVersion: 18.3.3848.0
230	798.f6c: FileVersion: 18.3.3848.0
231	798.f6c: FileDescription: Avast VM Monitor
232	798.f6c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
233	798.f6c: Calling main()
234	798.f6c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
235	798.f6c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
236	798.f6c: SUPR3HardenedMain: Respawn #1
237	798.f6c: System32: \Device\HarddiskVolume2\Windows\System32
238	798.f6c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
239	798.f6c: KnownDllPath: C:\WINDOWS\System32
240	798.f6c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
241	798.f6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
242	798.f6c: supR3HardNtEnableThreadCreation:
243	798.f6c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe9c19280 pvNtTerminateThread=00007ffbe9c40d10
244	798.f6c: supR3HardenedWinDoReSpawn(1): New child 14c.1da8 [kernel32].
245	798.f6c: supR3HardNtChildGatherData: PebBaseAddress=0000000000651000 cbPeb=0x388
246	798.f6c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbe9ba0000 uNtDllChildAddr=00007ffbe9ba0000
247	798.f6c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbe9c19280
248	798.f6c: supR3HardenedWinSetupChildInit: Start child.
249	798.f6c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
250	798.f6c: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 55 sleeps
251	798.f6c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
252	798.f6c: *0000000000000000-000000000056ffff 0x0001/0x0000 0x0000000
253	798.f6c: *0000000000570000-000000000058ffff 0x0004/0x0004 0x0020000
254	798.f6c: *0000000000590000-00000000005a8fff 0x0002/0x0002 0x0040000
255	798.f6c: 00000000005a9000-00000000005affff 0x0001/0x0000 0x0000000
256	798.f6c: *00000000005b0000-00000000005b3fff 0x0002/0x0002 0x0040000
257	798.f6c: 00000000005b4000-00000000005bffff 0x0001/0x0000 0x0000000
258	798.f6c: *00000000005c0000-00000000005c0fff 0x0004/0x0004 0x0020000
259	798.f6c: 00000000005c1000-00000000005fffff 0x0001/0x0000 0x0000000
260	798.f6c: *0000000000600000-0000000000650fff 0x0000/0x0004 0x0020000
261	798.f6c: 0000000000651000-0000000000653fff 0x0004/0x0004 0x0020000
262	798.f6c: 0000000000654000-00000000007fffff 0x0000/0x0004 0x0020000
263	798.f6c: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
264	798.f6c: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
265	798.f6c: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
266	798.f6c: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
267	798.f6c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
268	798.f6c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
269	798.f6c: 000000007fff0000-00007ff68bb1ffff 0x0001/0x0000 0x0000000
270	798.f6c: *00007ff68bb20000-00007ff68bb42fff 0x0002/0x0002 0x0040000
271	798.f6c: 00007ff68bb43000-00007ff68bceffff 0x0001/0x0000 0x0000000
272	798.f6c: *00007ff68bcf0000-00007ff68bcf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
273	798.f6c: 00007ff68bcf1000-00007ff68bd61fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274	798.f6c: 00007ff68bd62000-00007ff68bd62fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
275	798.f6c: 00007ff68bd63000-00007ff68bda8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
276	798.f6c: 00007ff68bda9000-00007ff68bda9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
277	798.f6c: 00007ff68bdaa000-00007ff68bdaafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
278	798.f6c: 00007ff68bdab000-00007ff68bdaffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
279	798.f6c: 00007ff68bdb0000-00007ff68bdb0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
280	798.f6c: 00007ff68bdb1000-00007ff68bdb1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
281	798.f6c: 00007ff68bdb2000-00007ff68bdb5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
282	798.f6c: 00007ff68bdb6000-00007ff68bdfdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
283	798.f6c: 00007ff68bdfe000-00007ffbe9b9ffff 0x0001/0x0000 0x0000000
284	798.f6c: *00007ffbe9ba0000-00007ffbe9ba0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
285	798.f6c: 00007ffbe9ba1000-00007ffbe9cb2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
286	798.f6c: 00007ffbe9cb3000-00007ffbe9cf8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
287	798.f6c: 00007ffbe9cf9000-00007ffbe9d00fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
288	798.f6c: 00007ffbe9d01000-00007ffbe9d0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
289	798.f6c: 00007ffbe9d0f000-00007ffbe9d0ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
290	798.f6c: 00007ffbe9d10000-00007ffbe9d12fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
291	798.f6c: 00007ffbe9d13000-00007ffbe9d7ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
292	798.f6c: 00007ffbe9d80000-00007ffffffdffff 0x0001/0x0000 0x0000000
293	798.f6c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
294	798.f6c: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
295	798.f6c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
296	798.f6c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
297	798.f6c: supR3HardNtChildPurify: Done after 543 ms and 0 fixes (loop #0).
298	14c.1da8: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
299	14c.1da8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbe9ba0000 g_uNtVerCombined=0xa03fab00
300	798.f6c: supR3HardNtEnableThreadCreation:
301	14c.1da8: ntdll.dll: timestamp 0xe508fc03 (rc=VINF_SUCCESS)
302	14c.1da8: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1966080 allocation)
303	14c.1da8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
304	14c.1da8: System32: \Device\HarddiskVolume2\Windows\System32
305	14c.1da8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
306	14c.1da8: KnownDllPath: C:\WINDOWS\System32
307	14c.1da8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
308	14c.1da8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
309	14c.1da8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
310	14c.1da8: Registered Dll notification callback with NTDLL.
311	14c.1da8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
312	14c.1da8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
313	14c.1da8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
314	14c.1da8: supR3HardenedDllNotificationCallback: load 00007ffbe65e0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
315	14c.1da8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
316	14c.1da8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
317	14c.1da8: supR3HardenedDllNotificationCallback: load 00007ffbe99b0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
318	14c.1da8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
319	14c.1da8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe99b0000 'C:\WINDOWS\System32\KERNEL32.DLL'
320	14c.1da8: supR3HardenedDllNotificationCallback: load 00007ff68bcf0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
321	14c.1da8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
322	14c.1da8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
323	14c.1da8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
324	14c.1da8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe9c19280 pvNtTerminateThread=00007ffbe9c40d10
325	798.f6c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
326	14c.1da8: \SystemRoot\System32\ntdll.dll:
327	14c.1da8: CreationTime: 2018-04-11T13:18:17.374861500Z
328	14c.1da8: LastWriteTime: 2018-03-13T07:02:15.839353900Z
329	14c.1da8: ChangeTime: 2018-04-11T14:16:47.914510200Z
330	14c.1da8: FileAttributes: 0x20
331	14c.1da8: Size: 0x1dd100
332	14c.1da8: NT Headers: 0xe0
333	14c.1da8: Timestamp: 0xe508fc03
334	14c.1da8: Machine: 0x8664 - amd64
335	14c.1da8: Timestamp: 0xe508fc03
336	14c.1da8: Image Version: 10.0
337	14c.1da8: SizeOfImage: 0x1e0000 (1966080)
338	14c.1da8: Resource Dir: 0x174000 LB 0x6a1d8
339	14c.1da8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
340	14c.1da8: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
341	14c.1da8: ProductName: Microsoft® Windows® Operating System
342	14c.1da8: ProductVersion: 10.0.16299.334
343	14c.1da8: FileVersion: 10.0.16299.334 (WinBuild.160101.0800)
344	14c.1da8: FileDescription: NT Layer DLL
345	14c.1da8: \SystemRoot\System32\kernel32.dll:
346	14c.1da8: CreationTime: 2017-09-29T13:42:04.954227600Z
347	14c.1da8: LastWriteTime: 2017-09-29T13:42:04.954227600Z
348	14c.1da8: ChangeTime: 2018-04-11T14:17:44.610006000Z
349	14c.1da8: FileAttributes: 0x20
350	14c.1da8: Size: 0xab868
351	14c.1da8: NT Headers: 0xe8
352	14c.1da8: Timestamp: 0xc2cf900
353	14c.1da8: Machine: 0x8664 - amd64
354	14c.1da8: Timestamp: 0xc2cf900
355	14c.1da8: Image Version: 10.0
356	14c.1da8: SizeOfImage: 0xae000 (712704)
357	14c.1da8: Resource Dir: 0xac000 LB 0x520
358	14c.1da8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
359	14c.1da8: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
360	14c.1da8: ProductName: Microsoft® Windows® Operating System
361	14c.1da8: ProductVersion: 10.0.16299.15
362	14c.1da8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
363	14c.1da8: FileDescription: Windows NT BASE API Client DLL
364	14c.1da8: \SystemRoot\System32\KernelBase.dll:
365	14c.1da8: CreationTime: 2018-04-11T13:18:12.592545800Z
366	14c.1da8: LastWriteTime: 2018-03-30T05:08:26.893801200Z
367	14c.1da8: ChangeTime: 2018-04-11T14:17:47.885705500Z
368	14c.1da8: FileAttributes: 0x20
369	14c.1da8: Size: 0x265c00
370	14c.1da8: NT Headers: 0xf0
371	14c.1da8: Timestamp: 0x6369e29f
372	14c.1da8: Machine: 0x8664 - amd64
373	14c.1da8: Timestamp: 0x6369e29f
374	14c.1da8: Image Version: 10.0
375	14c.1da8: SizeOfImage: 0x266000 (2514944)
376	14c.1da8: Resource Dir: 0x245000 LB 0x548
377	14c.1da8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
378	14c.1da8: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
379	14c.1da8: ProductName: Microsoft® Windows® Operating System
380	14c.1da8: ProductVersion: 10.0.16299.371
381	14c.1da8: FileVersion: 10.0.16299.371 (WinBuild.160101.0800)
382	14c.1da8: FileDescription: Windows NT BASE API Client DLL
383	14c.1da8: \SystemRoot\System32\apisetschema.dll:
384	14c.1da8: CreationTime: 2017-09-29T13:42:07.095026600Z
385	14c.1da8: LastWriteTime: 2017-09-29T13:42:07.095026600Z
386	14c.1da8: ChangeTime: 2018-04-12T18:46:56.532224100Z
387	14c.1da8: FileAttributes: 0x20
388	14c.1da8: Size: 0x1b398
389	14c.1da8: NT Headers: 0xc8
390	14c.1da8: Timestamp: 0xf30abf31
391	14c.1da8: Machine: 0x8664 - amd64
392	14c.1da8: Timestamp: 0xf30abf31
393	14c.1da8: Image Version: 10.0
394	14c.1da8: SizeOfImage: 0x1c000 (114688)
395	14c.1da8: Resource Dir: 0x1b000 LB 0x408
396	14c.1da8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
397	14c.1da8: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
398	14c.1da8: ProductName: Microsoft® Windows® Operating System
399	14c.1da8: ProductVersion: 10.0.16299.15
400	14c.1da8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
401	14c.1da8: FileDescription: ApiSet Schema DLL
402	14c.1da8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
403	14c.1da8: supR3HardenedWinFindAdversaries: 0x4
404	14c.1da8: \SystemRoot\System32\drivers\aswHwid.sys:
405	14c.1da8: CreationTime: 2018-04-10T14:29:19.657340600Z
406	14c.1da8: LastWriteTime: 2018-04-10T14:29:09.883548700Z
407	14c.1da8: ChangeTime: 2018-04-10T14:29:17.677979500Z
408	14c.1da8: FileAttributes: 0x20
409	14c.1da8: Size: 0xb778
410	14c.1da8: NT Headers: 0xf0
411	14c.1da8: Timestamp: 0x5ab01504
412	14c.1da8: Machine: 0x8664 - amd64
413	14c.1da8: Timestamp: 0x5ab01504
414	14c.1da8: Image Version: 6.0
415	14c.1da8: SizeOfImage: 0xa000 (40960)
416	14c.1da8: Resource Dir: 0x8000 LB 0x388
417	14c.1da8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
418	14c.1da8: [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
419	14c.1da8: ProductName: Avast Antivirus
420	14c.1da8: ProductVersion: 18.3.3848.0
421	14c.1da8: FileVersion: 18.3.3848.0
422	14c.1da8: FileDescription: Avast HWID
423	14c.1da8: \SystemRoot\System32\drivers\aswMonFlt.sys:
424	14c.1da8: CreationTime: 2018-04-10T14:29:19.660341900Z
425	14c.1da8: LastWriteTime: 2018-04-12T18:29:27.419544000Z
426	14c.1da8: ChangeTime: 2018-04-12T18:29:27.419544000Z
427	14c.1da8: FileAttributes: 0x20
428	14c.1da8: Size: 0x23f18
429	14c.1da8: NT Headers: 0xe0
430	14c.1da8: Timestamp: 0x5acc4cc6
431	14c.1da8: Machine: 0x8664 - amd64
432	14c.1da8: Timestamp: 0x5acc4cc6
433	14c.1da8: Image Version: 6.0
434	14c.1da8: SizeOfImage: 0x28000 (163840)
435	14c.1da8: Resource Dir: 0x26000 LB 0x3b8
436	14c.1da8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
437	14c.1da8: [Raw version resource data: 0x26060 LB 0x354, codepage 0x0 (reserved 0x0)]
438	14c.1da8: ProductName: Avast Antivirus
439	14c.1da8: ProductVersion: 18.3.3860.315
440	14c.1da8: FileVersion: 18.3.3860.315
441	14c.1da8: FileDescription: Avast File System Minifilter for Windows 2003/Vista
442	14c.1da8: \SystemRoot\System32\drivers\aswRdr2.sys:
443	14c.1da8: CreationTime: 2018-04-10T14:29:19.651340300Z
444	14c.1da8: LastWriteTime: 2018-04-10T14:29:09.495929000Z
445	14c.1da8: ChangeTime: 2018-04-10T14:29:17.677979500Z
446	14c.1da8: FileAttributes: 0x20
447	14c.1da8: Size: 0x1b2f8
448	14c.1da8: NT Headers: 0xe8
449	14c.1da8: Timestamp: 0x5ab0151a
450	14c.1da8: Machine: 0x8664 - amd64
451	14c.1da8: Timestamp: 0x5ab0151a
452	14c.1da8: Image Version: 6.1
453	14c.1da8: SizeOfImage: 0x1a000 (106496)
454	14c.1da8: Resource Dir: 0x18000 LB 0x398
455	14c.1da8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
456	14c.1da8: [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
457	14c.1da8: ProductName: Avast Antivirus
458	14c.1da8: ProductVersion: 18.3.3848.0
459	14c.1da8: FileVersion: 18.3.3848.0 built by: WinDDK
460	14c.1da8: FileDescription: Avast WFP Redirect Driver
461	14c.1da8: \SystemRoot\System32\drivers\aswRvrt.sys:
462	14c.1da8: CreationTime: 2018-04-10T14:29:19.663341600Z
463	14c.1da8: LastWriteTime: 2018-04-10T14:29:09.971060300Z
464	14c.1da8: ChangeTime: 2018-04-10T14:29:17.678980200Z
465	14c.1da8: FileAttributes: 0x20
466	14c.1da8: Size: 0x14990
467	14c.1da8: NT Headers: 0xe0
468	14c.1da8: Timestamp: 0x5ab01509
469	14c.1da8: Machine: 0x8664 - amd64
470	14c.1da8: Timestamp: 0x5ab01509
471	14c.1da8: Image Version: 6.0
472	14c.1da8: SizeOfImage: 0x13000 (77824)
473	14c.1da8: Resource Dir: 0x11000 LB 0x388
474	14c.1da8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
475	14c.1da8: [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
476	14c.1da8: ProductName: Avast Antivirus
477	14c.1da8: ProductVersion: 18.3.3848.0
478	14c.1da8: FileVersion: 18.3.3848.0
479	14c.1da8: FileDescription: Avast Revert
480	14c.1da8: \SystemRoot\System32\drivers\aswSnx.sys:
481	14c.1da8: CreationTime: 2018-04-10T14:29:19.647339900Z
482	14c.1da8: LastWriteTime: 2018-04-10T14:28:52.602921100Z
483	14c.1da8: ChangeTime: 2018-04-10T14:29:17.678980200Z
484	14c.1da8: FileAttributes: 0x20
485	14c.1da8: Size: 0xfaa88
486	14c.1da8: NT Headers: 0xe8
487	14c.1da8: Timestamp: 0x5ab01532
488	14c.1da8: Machine: 0x8664 - amd64
489	14c.1da8: Timestamp: 0x5ab01532
490	14c.1da8: Image Version: 6.0
491	14c.1da8: SizeOfImage: 0xf8000 (1015808)
492	14c.1da8: Resource Dir: 0xf0000 LB 0x378
493	14c.1da8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
494	14c.1da8: [Raw version resource data: 0xf0060 LB 0x314, codepage 0x0 (reserved 0x0)]
495	14c.1da8: ProductName: Avast Antivirus
496	14c.1da8: ProductVersion: 18.3.3848.0
497	14c.1da8: FileVersion: 18.3.3848.0
498	14c.1da8: FileDescription: Avast Virtualization Driver
499	14c.1da8: \SystemRoot\System32\drivers\aswsp.sys:
500	14c.1da8: CreationTime: 2018-04-10T14:29:19.666341600Z
501	14c.1da8: LastWriteTime: 2018-04-10T14:29:10.031568000Z
502	14c.1da8: ChangeTime: 2018-04-10T14:29:17.678980200Z
503	14c.1da8: FileAttributes: 0x20
504	14c.1da8: Size: 0x706e8
505	14c.1da8: NT Headers: 0xe0
506	14c.1da8: Timestamp: 0x5ab01527
507	14c.1da8: Machine: 0x8664 - amd64
508	14c.1da8: Timestamp: 0x5ab01527
509	14c.1da8: Image Version: 6.0
510	14c.1da8: SizeOfImage: 0x72000 (466944)
511	14c.1da8: Resource Dir: 0x70000 LB 0x370
512	14c.1da8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
513	14c.1da8: [Raw version resource data: 0x70060 LB 0x310, codepage 0x0 (reserved 0x0)]
514	14c.1da8: ProductName: Avast Antivirus
515	14c.1da8: ProductVersion: 18.3.3848.0
516	14c.1da8: FileVersion: 18.3.3848.0
517	14c.1da8: FileDescription: Avast self protection module
518	14c.1da8: \SystemRoot\System32\drivers\aswStm.sys:
519	14c.1da8: CreationTime: 2018-04-10T14:29:19.672342400Z
520	14c.1da8: LastWriteTime: 2018-04-10T14:29:10.356890200Z
521	14c.1da8: ChangeTime: 2018-04-10T14:29:17.679979600Z
522	14c.1da8: FileAttributes: 0x20
523	14c.1da8: Size: 0x32498
524	14c.1da8: NT Headers: 0x110
525	14c.1da8: Timestamp: 0x5ab019af
526	14c.1da8: Machine: 0x8664 - amd64
527	14c.1da8: Timestamp: 0x5ab019af
528	14c.1da8: Image Version: 10.0
529	14c.1da8: SizeOfImage: 0x33000 (208896)
530	14c.1da8: Resource Dir: 0x31000 LB 0x350
531	14c.1da8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
532	14c.1da8: [Raw version resource data: 0x31060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
533	14c.1da8: ProductName: Avast Antivirus
534	14c.1da8: ProductVersion: 18.3.3848.0
535	14c.1da8: FileVersion: 18.3.3848.0
536	14c.1da8: FileDescription: Stream Filter
537	14c.1da8: \SystemRoot\System32\drivers\aswVmm.sys:
538	14c.1da8: CreationTime: 2018-04-10T14:29:19.669342100Z
539	14c.1da8: LastWriteTime: 2018-04-10T14:29:10.107077500Z
540	14c.1da8: ChangeTime: 2018-04-10T14:29:17.679979600Z
541	14c.1da8: FileAttributes: 0x20
542	14c.1da8: Size: 0x5ce70
543	14c.1da8: NT Headers: 0xe8
544	14c.1da8: Timestamp: 0x5ab0150d
545	14c.1da8: Machine: 0x8664 - amd64
546	14c.1da8: Timestamp: 0x5ab0150d
547	14c.1da8: Image Version: 6.0
548	14c.1da8: SizeOfImage: 0x5b000 (372736)
549	14c.1da8: Resource Dir: 0x58000 LB 0x390
550	14c.1da8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
551	14c.1da8: [Raw version resource data: 0x58060 LB 0x330, codepage 0x0 (reserved 0x0)]
552	14c.1da8: ProductName: Avast Antivirus
553	14c.1da8: ProductVersion: 18.3.3848.0
554	14c.1da8: FileVersion: 18.3.3848.0
555	14c.1da8: FileDescription: Avast VM Monitor
556	14c.1da8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
557	14c.1da8: Calling main()
558	14c.1da8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
559	14c.1da8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
560	14c.1da8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
561	14c.1da8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
562	14c.1da8: SUPR3HardenedMain: Respawn #2
563	14c.1da8: supR3HardNtEnableThreadCreation:
564	14c.1da8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
565	14c.1da8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
566	14c.1da8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
567	14c.1da8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
568	14c.1da8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9ba0000 'C:\WINDOWS\System32\ntdll.dll'
569	14c.1da8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe9c19280 pvNtTerminateThread=00007ffbe9c40d10
570	14c.1da8: supR3HardenedWinDoReSpawn(2): New child 1cf0.41c [kernel32].
571	14c.1da8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
572	14c.1da8: supR3HardNtChildGatherData: PebBaseAddress=00000000004ae000 cbPeb=0x388
573	14c.1da8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbe9ba0000 uNtDllChildAddr=00007ffbe9ba0000
574	14c.1da8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbe9c19280
575	14c.1da8: supR3HardenedWinSetupChildInit: Start child.
576	14c.1da8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
577	14c.1da8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 45 sleeps
578	14c.1da8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
579	14c.1da8: *0000000000000000-000000000020ffff 0x0001/0x0000 0x0000000
580	14c.1da8: *0000000000210000-000000000022ffff 0x0004/0x0004 0x0020000
581	14c.1da8: *0000000000230000-0000000000248fff 0x0002/0x0002 0x0040000
582	14c.1da8: 0000000000249000-000000000024ffff 0x0001/0x0000 0x0000000
583	14c.1da8: *0000000000250000-000000000034afff 0x0000/0x0004 0x0020000
584	14c.1da8: 000000000034b000-000000000034dfff 0x0104/0x0004 0x0020000
585	14c.1da8: 000000000034e000-000000000034ffff 0x0004/0x0004 0x0020000
586	14c.1da8: *0000000000350000-0000000000353fff 0x0002/0x0002 0x0040000
587	14c.1da8: 0000000000354000-000000000035ffff 0x0001/0x0000 0x0000000
588	14c.1da8: *0000000000360000-0000000000360fff 0x0004/0x0004 0x0020000
589	14c.1da8: 0000000000361000-00000000003fffff 0x0001/0x0000 0x0000000
590	14c.1da8: *0000000000400000-00000000004adfff 0x0000/0x0004 0x0020000
591	14c.1da8: 00000000004ae000-00000000004b0fff 0x0004/0x0004 0x0020000
592	14c.1da8: 00000000004b1000-00000000005fffff 0x0000/0x0004 0x0020000
593	14c.1da8: 0000000000600000-000000007ffdffff 0x0001/0x0000 0x0000000
594	14c.1da8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
595	14c.1da8: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
596	14c.1da8: 000000007fff0000-00007ff68b91ffff 0x0001/0x0000 0x0000000
597	14c.1da8: *00007ff68b920000-00007ff68b942fff 0x0002/0x0002 0x0040000
598	14c.1da8: 00007ff68b943000-00007ff68bceffff 0x0001/0x0000 0x0000000
599	14c.1da8: *00007ff68bcf0000-00007ff68bcf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
600	14c.1da8: 00007ff68bcf1000-00007ff68bd61fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
601	14c.1da8: 00007ff68bd62000-00007ff68bd62fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
602	14c.1da8: 00007ff68bd63000-00007ff68bda8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
603	14c.1da8: 00007ff68bda9000-00007ff68bda9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
604	14c.1da8: 00007ff68bdaa000-00007ff68bdaafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
605	14c.1da8: 00007ff68bdab000-00007ff68bdaffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
606	14c.1da8: 00007ff68bdb0000-00007ff68bdb0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
607	14c.1da8: 00007ff68bdb1000-00007ff68bdb1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
608	14c.1da8: 00007ff68bdb2000-00007ff68bdb5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
609	14c.1da8: 00007ff68bdb6000-00007ff68bdfdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
610	14c.1da8: 00007ff68bdfe000-00007ffbe9b9ffff 0x0001/0x0000 0x0000000
611	14c.1da8: *00007ffbe9ba0000-00007ffbe9ba0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
612	14c.1da8: 00007ffbe9ba1000-00007ffbe9cb2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
613	14c.1da8: 00007ffbe9cb3000-00007ffbe9cf8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
614	14c.1da8: 00007ffbe9cf9000-00007ffbe9d00fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
615	14c.1da8: 00007ffbe9d01000-00007ffbe9d0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
616	14c.1da8: 00007ffbe9d0f000-00007ffbe9d0ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
617	14c.1da8: 00007ffbe9d10000-00007ffbe9d12fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
618	14c.1da8: 00007ffbe9d13000-00007ffbe9d7ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
619	14c.1da8: 00007ffbe9d80000-00007ffffffdffff 0x0001/0x0000 0x0000000
620	14c.1da8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
621	14c.1da8: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
622	14c.1da8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
623	14c.1da8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
624	14c.1da8: supR3HardNtChildPurify: Done after 547 ms and 0 fixes (loop #0).
625	14c.1da8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
626	1cf0.41c: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
627	14c.1da8: supR3HardNtEnableThreadCreation:
628	1cf0.41c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbe9ba0000 g_uNtVerCombined=0xa03fab00
629	1cf0.41c: ntdll.dll: timestamp 0xe508fc03 (rc=VINF_SUCCESS)
630	1cf0.41c: New simple heap: #1 0000000000700000 LB 0x400000 (for 1966080 allocation)
631	1cf0.41c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
632	1cf0.41c: System32: \Device\HarddiskVolume2\Windows\System32
633	1cf0.41c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
634	1cf0.41c: KnownDllPath: C:\WINDOWS\System32
635	1cf0.41c: supR3HardenedVmProcessInit: Opening vboxdrv...
636	1cf0.41c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
637	1cf0.41c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
638	1cf0.41c: Registered Dll notification callback with NTDLL.
639	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
640	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
641	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
642	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe65e0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
643	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
644	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
645	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe99b0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
646	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
647	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe99b0000 'C:\WINDOWS\System32\KERNEL32.DLL'
648	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ff68bcf0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
649	1cf0.41c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
650	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
651	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
652	1cf0.41c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe9c19280 pvNtTerminateThread=00007ffbe9c40d10
653	14c.1da8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 86 ms.
654	1cf0.41c: \SystemRoot\System32\ntdll.dll:
655	1cf0.41c: CreationTime: 2018-04-11T13:18:17.374861500Z
656	1cf0.41c: LastWriteTime: 2018-03-13T07:02:15.839353900Z
657	1cf0.41c: ChangeTime: 2018-04-11T14:16:47.914510200Z
658	1cf0.41c: FileAttributes: 0x20
659	1cf0.41c: Size: 0x1dd100
660	1cf0.41c: NT Headers: 0xe0
661	1cf0.41c: Timestamp: 0xe508fc03
662	1cf0.41c: Machine: 0x8664 - amd64
663	1cf0.41c: Timestamp: 0xe508fc03
664	1cf0.41c: Image Version: 10.0
665	1cf0.41c: SizeOfImage: 0x1e0000 (1966080)
666	1cf0.41c: Resource Dir: 0x174000 LB 0x6a1d8
667	1cf0.41c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
668	1cf0.41c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
669	1cf0.41c: ProductName: Microsoft® Windows® Operating System
670	1cf0.41c: ProductVersion: 10.0.16299.334
671	1cf0.41c: FileVersion: 10.0.16299.334 (WinBuild.160101.0800)
672	1cf0.41c: FileDescription: NT Layer DLL
673	1cf0.41c: \SystemRoot\System32\kernel32.dll:
674	1cf0.41c: CreationTime: 2017-09-29T13:42:04.954227600Z
675	1cf0.41c: LastWriteTime: 2017-09-29T13:42:04.954227600Z
676	1cf0.41c: ChangeTime: 2018-04-11T14:17:44.610006000Z
677	1cf0.41c: FileAttributes: 0x20
678	1cf0.41c: Size: 0xab868
679	1cf0.41c: NT Headers: 0xe8
680	1cf0.41c: Timestamp: 0xc2cf900
681	1cf0.41c: Machine: 0x8664 - amd64
682	1cf0.41c: Timestamp: 0xc2cf900
683	1cf0.41c: Image Version: 10.0
684	1cf0.41c: SizeOfImage: 0xae000 (712704)
685	1cf0.41c: Resource Dir: 0xac000 LB 0x520
686	1cf0.41c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
687	1cf0.41c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
688	1cf0.41c: ProductName: Microsoft® Windows® Operating System
689	1cf0.41c: ProductVersion: 10.0.16299.15
690	1cf0.41c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
691	1cf0.41c: FileDescription: Windows NT BASE API Client DLL
692	1cf0.41c: \SystemRoot\System32\KernelBase.dll:
693	1cf0.41c: CreationTime: 2018-04-11T13:18:12.592545800Z
694	1cf0.41c: LastWriteTime: 2018-03-30T05:08:26.893801200Z
695	1cf0.41c: ChangeTime: 2018-04-11T14:17:47.885705500Z
696	1cf0.41c: FileAttributes: 0x20
697	1cf0.41c: Size: 0x265c00
698	1cf0.41c: NT Headers: 0xf0
699	1cf0.41c: Timestamp: 0x6369e29f
700	1cf0.41c: Machine: 0x8664 - amd64
701	1cf0.41c: Timestamp: 0x6369e29f
702	1cf0.41c: Image Version: 10.0
703	1cf0.41c: SizeOfImage: 0x266000 (2514944)
704	1cf0.41c: Resource Dir: 0x245000 LB 0x548
705	1cf0.41c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
706	1cf0.41c: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
707	1cf0.41c: ProductName: Microsoft® Windows® Operating System
708	1cf0.41c: ProductVersion: 10.0.16299.371
709	1cf0.41c: FileVersion: 10.0.16299.371 (WinBuild.160101.0800)
710	1cf0.41c: FileDescription: Windows NT BASE API Client DLL
711	1cf0.41c: \SystemRoot\System32\apisetschema.dll:
712	1cf0.41c: CreationTime: 2017-09-29T13:42:07.095026600Z
713	1cf0.41c: LastWriteTime: 2017-09-29T13:42:07.095026600Z
714	1cf0.41c: ChangeTime: 2018-04-12T18:46:56.532224100Z
715	1cf0.41c: FileAttributes: 0x20
716	1cf0.41c: Size: 0x1b398
717	1cf0.41c: NT Headers: 0xc8
718	1cf0.41c: Timestamp: 0xf30abf31
719	1cf0.41c: Machine: 0x8664 - amd64
720	1cf0.41c: Timestamp: 0xf30abf31
721	1cf0.41c: Image Version: 10.0
722	1cf0.41c: SizeOfImage: 0x1c000 (114688)
723	1cf0.41c: Resource Dir: 0x1b000 LB 0x408
724	1cf0.41c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
725	1cf0.41c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
726	1cf0.41c: ProductName: Microsoft® Windows® Operating System
727	1cf0.41c: ProductVersion: 10.0.16299.15
728	1cf0.41c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
729	1cf0.41c: FileDescription: ApiSet Schema DLL
730	1cf0.41c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
731	1cf0.41c: supR3HardenedWinFindAdversaries: 0x4
732	1cf0.41c: \SystemRoot\System32\drivers\aswHwid.sys:
733	1cf0.41c: CreationTime: 2018-04-10T14:29:19.657340600Z
734	1cf0.41c: LastWriteTime: 2018-04-10T14:29:09.883548700Z
735	1cf0.41c: ChangeTime: 2018-04-10T14:29:17.677979500Z
736	1cf0.41c: FileAttributes: 0x20
737	1cf0.41c: Size: 0xb778
738	1cf0.41c: NT Headers: 0xf0
739	1cf0.41c: Timestamp: 0x5ab01504
740	1cf0.41c: Machine: 0x8664 - amd64
741	1cf0.41c: Timestamp: 0x5ab01504
742	1cf0.41c: Image Version: 6.0
743	1cf0.41c: SizeOfImage: 0xa000 (40960)
744	1cf0.41c: Resource Dir: 0x8000 LB 0x388
745	1cf0.41c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
746	1cf0.41c: [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
747	1cf0.41c: ProductName: Avast Antivirus
748	1cf0.41c: ProductVersion: 18.3.3848.0
749	1cf0.41c: FileVersion: 18.3.3848.0
750	1cf0.41c: FileDescription: Avast HWID
751	1cf0.41c: \SystemRoot\System32\drivers\aswMonFlt.sys:
752	1cf0.41c: CreationTime: 2018-04-10T14:29:19.660341900Z
753	1cf0.41c: LastWriteTime: 2018-04-12T18:29:27.419544000Z
754	1cf0.41c: ChangeTime: 2018-04-12T18:29:27.419544000Z
755	1cf0.41c: FileAttributes: 0x20
756	1cf0.41c: Size: 0x23f18
757	1cf0.41c: NT Headers: 0xe0
758	1cf0.41c: Timestamp: 0x5acc4cc6
759	1cf0.41c: Machine: 0x8664 - amd64
760	1cf0.41c: Timestamp: 0x5acc4cc6
761	1cf0.41c: Image Version: 6.0
762	1cf0.41c: SizeOfImage: 0x28000 (163840)
763	1cf0.41c: Resource Dir: 0x26000 LB 0x3b8
764	1cf0.41c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
765	1cf0.41c: [Raw version resource data: 0x26060 LB 0x354, codepage 0x0 (reserved 0x0)]
766	1cf0.41c: ProductName: Avast Antivirus
767	1cf0.41c: ProductVersion: 18.3.3860.315
768	1cf0.41c: FileVersion: 18.3.3860.315
769	1cf0.41c: FileDescription: Avast File System Minifilter for Windows 2003/Vista
770	1cf0.41c: \SystemRoot\System32\drivers\aswRdr2.sys:
771	1cf0.41c: CreationTime: 2018-04-10T14:29:19.651340300Z
772	1cf0.41c: LastWriteTime: 2018-04-10T14:29:09.495929000Z
773	1cf0.41c: ChangeTime: 2018-04-10T14:29:17.677979500Z
774	1cf0.41c: FileAttributes: 0x20
775	1cf0.41c: Size: 0x1b2f8
776	1cf0.41c: NT Headers: 0xe8
777	1cf0.41c: Timestamp: 0x5ab0151a
778	1cf0.41c: Machine: 0x8664 - amd64
779	1cf0.41c: Timestamp: 0x5ab0151a
780	1cf0.41c: Image Version: 6.1
781	1cf0.41c: SizeOfImage: 0x1a000 (106496)
782	1cf0.41c: Resource Dir: 0x18000 LB 0x398
783	1cf0.41c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
784	1cf0.41c: [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
785	1cf0.41c: ProductName: Avast Antivirus
786	1cf0.41c: ProductVersion: 18.3.3848.0
787	1cf0.41c: FileVersion: 18.3.3848.0 built by: WinDDK
788	1cf0.41c: FileDescription: Avast WFP Redirect Driver
789	1cf0.41c: \SystemRoot\System32\drivers\aswRvrt.sys:
790	1cf0.41c: CreationTime: 2018-04-10T14:29:19.663341600Z
791	1cf0.41c: LastWriteTime: 2018-04-10T14:29:09.971060300Z
792	1cf0.41c: ChangeTime: 2018-04-10T14:29:17.678980200Z
793	1cf0.41c: FileAttributes: 0x20
794	1cf0.41c: Size: 0x14990
795	1cf0.41c: NT Headers: 0xe0
796	1cf0.41c: Timestamp: 0x5ab01509
797	1cf0.41c: Machine: 0x8664 - amd64
798	1cf0.41c: Timestamp: 0x5ab01509
799	1cf0.41c: Image Version: 6.0
800	1cf0.41c: SizeOfImage: 0x13000 (77824)
801	1cf0.41c: Resource Dir: 0x11000 LB 0x388
802	1cf0.41c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
803	1cf0.41c: [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
804	1cf0.41c: ProductName: Avast Antivirus
805	1cf0.41c: ProductVersion: 18.3.3848.0
806	1cf0.41c: FileVersion: 18.3.3848.0
807	1cf0.41c: FileDescription: Avast Revert
808	1cf0.41c: \SystemRoot\System32\drivers\aswSnx.sys:
809	1cf0.41c: CreationTime: 2018-04-10T14:29:19.647339900Z
810	1cf0.41c: LastWriteTime: 2018-04-10T14:28:52.602921100Z
811	1cf0.41c: ChangeTime: 2018-04-10T14:29:17.678980200Z
812	1cf0.41c: FileAttributes: 0x20
813	1cf0.41c: Size: 0xfaa88
814	1cf0.41c: NT Headers: 0xe8
815	1cf0.41c: Timestamp: 0x5ab01532
816	1cf0.41c: Machine: 0x8664 - amd64
817	1cf0.41c: Timestamp: 0x5ab01532
818	1cf0.41c: Image Version: 6.0
819	1cf0.41c: SizeOfImage: 0xf8000 (1015808)
820	1cf0.41c: Resource Dir: 0xf0000 LB 0x378
821	1cf0.41c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
822	1cf0.41c: [Raw version resource data: 0xf0060 LB 0x314, codepage 0x0 (reserved 0x0)]
823	1cf0.41c: ProductName: Avast Antivirus
824	1cf0.41c: ProductVersion: 18.3.3848.0
825	1cf0.41c: FileVersion: 18.3.3848.0
826	1cf0.41c: FileDescription: Avast Virtualization Driver
827	1cf0.41c: \SystemRoot\System32\drivers\aswsp.sys:
828	1cf0.41c: CreationTime: 2018-04-10T14:29:19.666341600Z
829	1cf0.41c: LastWriteTime: 2018-04-10T14:29:10.031568000Z
830	1cf0.41c: ChangeTime: 2018-04-10T14:29:17.678980200Z
831	1cf0.41c: FileAttributes: 0x20
832	1cf0.41c: Size: 0x706e8
833	1cf0.41c: NT Headers: 0xe0
834	1cf0.41c: Timestamp: 0x5ab01527
835	1cf0.41c: Machine: 0x8664 - amd64
836	1cf0.41c: Timestamp: 0x5ab01527
837	1cf0.41c: Image Version: 6.0
838	1cf0.41c: SizeOfImage: 0x72000 (466944)
839	1cf0.41c: Resource Dir: 0x70000 LB 0x370
840	1cf0.41c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
841	1cf0.41c: [Raw version resource data: 0x70060 LB 0x310, codepage 0x0 (reserved 0x0)]
842	1cf0.41c: ProductName: Avast Antivirus
843	1cf0.41c: ProductVersion: 18.3.3848.0
844	1cf0.41c: FileVersion: 18.3.3848.0
845	1cf0.41c: FileDescription: Avast self protection module
846	1cf0.41c: \SystemRoot\System32\drivers\aswStm.sys:
847	1cf0.41c: CreationTime: 2018-04-10T14:29:19.672342400Z
848	1cf0.41c: LastWriteTime: 2018-04-10T14:29:10.356890200Z
849	1cf0.41c: ChangeTime: 2018-04-10T14:29:17.679979600Z
850	1cf0.41c: FileAttributes: 0x20
851	1cf0.41c: Size: 0x32498
852	1cf0.41c: NT Headers: 0x110
853	1cf0.41c: Timestamp: 0x5ab019af
854	1cf0.41c: Machine: 0x8664 - amd64
855	1cf0.41c: Timestamp: 0x5ab019af
856	1cf0.41c: Image Version: 10.0
857	1cf0.41c: SizeOfImage: 0x33000 (208896)
858	1cf0.41c: Resource Dir: 0x31000 LB 0x350
859	1cf0.41c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
860	1cf0.41c: [Raw version resource data: 0x31060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
861	1cf0.41c: ProductName: Avast Antivirus
862	1cf0.41c: ProductVersion: 18.3.3848.0
863	1cf0.41c: FileVersion: 18.3.3848.0
864	1cf0.41c: FileDescription: Stream Filter
865	1cf0.41c: \SystemRoot\System32\drivers\aswVmm.sys:
866	1cf0.41c: CreationTime: 2018-04-10T14:29:19.669342100Z
867	1cf0.41c: LastWriteTime: 2018-04-10T14:29:10.107077500Z
868	1cf0.41c: ChangeTime: 2018-04-10T14:29:17.679979600Z
869	1cf0.41c: FileAttributes: 0x20
870	1cf0.41c: Size: 0x5ce70
871	1cf0.41c: NT Headers: 0xe8
872	1cf0.41c: Timestamp: 0x5ab0150d
873	1cf0.41c: Machine: 0x8664 - amd64
874	1cf0.41c: Timestamp: 0x5ab0150d
875	1cf0.41c: Image Version: 6.0
876	1cf0.41c: SizeOfImage: 0x5b000 (372736)
877	1cf0.41c: Resource Dir: 0x58000 LB 0x390
878	1cf0.41c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
879	1cf0.41c: [Raw version resource data: 0x58060 LB 0x330, codepage 0x0 (reserved 0x0)]
880	1cf0.41c: ProductName: Avast Antivirus
881	1cf0.41c: ProductVersion: 18.3.3848.0
882	1cf0.41c: FileVersion: 18.3.3848.0
883	1cf0.41c: FileDescription: Avast VM Monitor
884	1cf0.41c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
885	1cf0.41c: Calling main()
886	1cf0.41c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
887	1cf0.41c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
888	1cf0.41c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
889	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
890	1cf0.41c: SUPR3HardenedMain: Final process, opening VBoxDrv...
891	1cf0.41c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000700000 LB 0x400000)
892	1cf0.41c: supR3HardNtEnableThreadCreation:
893	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
894	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
895	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
896	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
897	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbb4dd0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
898	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
899	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
900	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
901	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb4dd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
902	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
903	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
904	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb4dd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
905	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb4dd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
906	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
907	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
908	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
909	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
910	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
911	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
912	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
913	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
914	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
915	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
916	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
917	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
918	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
919	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
920	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
921	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
922	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
923	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
924	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
925	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
926	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
927	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
928	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
929	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
930	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
931	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
932	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
933	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe9600000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
934	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
935	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5f10000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
936	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
937	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe6480000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
938	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
939	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
940	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe6160000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
941	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
942	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe96b0000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
943	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
944	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe92a0000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
945	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
946	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
947	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
948	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe7630000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
949	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
950	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
951	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
952	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
953	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
954	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe6580000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
955	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
956	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
957	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
958	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe65e0000 'api-ms-win-core-synch-l1-2-0'
959	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
960	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
961	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe65e0000 'api-ms-win-core-fibers-l1-1-1'
962	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
963	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
964	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe65e0000 'api-ms-win-core-fibers-l1-1-1'
965	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
966	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
967	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe65e0000 'api-ms-win-core-synch-l1-2-0'
968	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
969	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
970	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe65e0000 'api-ms-win-core-localization-l1-2-1'
971	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\WINDOWS\system32\Wintrust.dll'
972	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
973	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
974	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
975	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
976	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
977	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
978	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
979	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
980	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
981	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
982	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
983	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
984	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
985	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
986	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
987	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
988	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5a50000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
989	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
990	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5a50000 'C:\WINDOWS\system32\bcrypt.dll'
991	1cf0.41c: bcrypt.dll loaded at 00007ffbe5a50000, BCryptOpenAlgorithmProvider at 00007ffbe5a52590, preloading providers:
992	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
993	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
994	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
995	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe6850000 LB 0x00072000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
996	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
997	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6850000 'C:\WINDOWS\system32\bcryptprimitives.dll'
998	1cf0.41c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000002cf78d0)
999	1cf0.41c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000002cffbe0)
1000	1cf0.41c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000002cffeb0)
1001	1cf0.41c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000002d00180)
1002	1cf0.41c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000002d00450)
1003	1cf0.41c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000002d00720)
1004	1cf0.41c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000002d009f0)
1005	1cf0.41c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000002d00cc0)
1006	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1007	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1008	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1009	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1010	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1011	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1012	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1013	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1014	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1015	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1016	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1017	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1018	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1019	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1020	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1021	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1022	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1023	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1024	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1025	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1026	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1027	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
1028	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1029	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5940000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
1030	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1031	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
1032	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
1033	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1034	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1035	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1036	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1037	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1038	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1039	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5380000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
1040	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1041	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1042	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
1043	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
1044	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1045	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5960000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
1046	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1047	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1048	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1049	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1050	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1051	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1052	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe99b0000 'C:\WINDOWS\System32\kernel32.dll'
1053	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1054	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1055	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1056	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1057	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\CRYPT32.dll'
1058	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe9840000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
1059	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
1060	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1061	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1062	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1063	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1064	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1065	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1066	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
1067	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
1068	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe4cd0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
1069	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1070	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5f30000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
1071	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
1072	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
1073	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1074	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
1075	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
1076	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1077	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1078	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1079	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1080	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1081	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1082	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1083	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1084	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1085	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1086	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1087	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1088	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1089	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1090	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1091	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbcd910000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
1092	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1093	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1094	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1095	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\WINDOWS\System32\cryptnet.dll'
1096	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1097	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1098	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\WINDOWS\System32\cryptnet.dll'
1099	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1100	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1101	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\WINDOWS\System32\cryptnet.dll'
1102	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1103	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1104	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\WINDOWS\System32\cryptnet.dll'
1105	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1106	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1107	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\WINDOWS\System32\cryptnet.dll'
1108	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1109	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1110	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\WINDOWS\System32\cryptnet.dll'
1111	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1112	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\WINDOWS\System32\cryptnet.dll'
1113	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1114	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\WINDOWS\System32\cryptnet.dll'
1115	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1116	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\WINDOWS\System32\cryptnet.dll'
1117	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1118	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\WINDOWS\System32\cryptnet.dll'
1119	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1120	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\WINDOWS\System32\cryptnet.dll'
1121	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\WINDOWS\System32\cryptnet.dll'
1122	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1123	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd910000 'C:\Windows\System32\cryptnet.dll'
1124	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1125	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1126	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1127	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1128	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1129	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1130	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1131	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002d2b930
1132	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
1133	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=85A51F72F9C3F195FA917546F5E7071F27ED535A
1134	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1135	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1136	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe96b0000 'C:\WINDOWS\System32\rpcrt4.dll'
1137	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1138	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1139	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1140	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1141	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1142	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1143	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1144	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1145	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1146	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1147	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1148	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1149	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1150	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1151	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
1152	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1153	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1154	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1155	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1156	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1157	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1158	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1126_for_KB4093112~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
1159	1cf0.41c: g_pfnWinVerifyTrust=00007ffbe6586bc0
1160	1cf0.41c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1161	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1162	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1163	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1164	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1165	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1166	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1167	1cf0.41c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1168	1cf0.41c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1169	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1170	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1171	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1172	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1173	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1174	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1175	1cf0.41c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1176	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1177	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
1178	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
1179	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A0BC1B38B9F5EE15493A1BB6ABB29D2FFBB4119
1180	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1181	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1182	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1183	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1184	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1185	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1186	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1187	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1188	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1189	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1190	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1191	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1192	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1193	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1194	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1195	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1196	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1197	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1198	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1199	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1200	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1201	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1202	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1203	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1204	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1205	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1206	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1207	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1208	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1209	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1210	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1211	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1212	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1213	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1214	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1215	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1216	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1217	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1218	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1219	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1220	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1221	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1222	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1223	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1224	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1225	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1226	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1227	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1228	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
1229	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1230	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1231	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1232	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1233	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1234	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1235	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1236	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1237	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1238	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1239	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1240	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1241	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
1242	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1243	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1244	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1245	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1246	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1247	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1248	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\system32\crypt32.dll'
1249	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1250	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1251	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1252	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
1253	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1254	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1255	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x66343f4a0108be00 CN=DESKTOP-0K1AETK
1256	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1257	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1258	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xd0d2830c08c0bd00 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate
1259	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1260	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xd1744d9f343cae00 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
1261	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1262	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1263	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
1264	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1265	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1266	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1267	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1268	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1269	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1270	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1271	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1272	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1273	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1274	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1275	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1276	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1277	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1278	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1279	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1280	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1281	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1282	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1283	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1284	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1285	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
1286	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1287	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1288	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1289	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1290	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1291	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1292	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1293	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
1294	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1295	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1296	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1297	1cf0.41c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1298	1cf0.41c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=49
1299	1cf0.41c: SUPR3HardenedMain: Load Runtime...
1300	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1301	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1302	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1303	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1304	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1305	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1306	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1307	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1308	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1309	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1310	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1311	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1312	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1313	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1314	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1315	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1316	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1317	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1318	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1319	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1320	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1321	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1322	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1323	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1324	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1325	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1326	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1327	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1328	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1329	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1330	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1331	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
1332	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1333	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1334	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1335	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1336	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1337	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1338	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1339	1cf0.41c: supR3HardenedDllNotificationCallback: load 0000000064660000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1340	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1341	1cf0.41c: supR3HardenedDllNotificationCallback: load 00000000645c0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1342	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1343	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe7a40000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
1344	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1345	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbb3340000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1346	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1347	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1348	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1349	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1350	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1351	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1352	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1353	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1354	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1355	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1356	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1357	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1358	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1359	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1360	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1361	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1362	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1363	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1364	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1365	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1366	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1367	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1368	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1369	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1370	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1371	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1372	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1373	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1374	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1375	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1376	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1377	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1378	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1379	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1380	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1381	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1382	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1383	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1384	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1385	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1386	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1387	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1388	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1389	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1390	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1391	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1392	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1393	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1394	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1395	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1396	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1397	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb3340000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1398	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\WINDOWS\system32\Wintrust.dll'
1399	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1400	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1401	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1402	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1403	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1404	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1405	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\system32\crypt32.dll'
1406	1cf0.41c: SUPR3HardenedMain: Load TrustedMain...
1407	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1408	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1409	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1410	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1411	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1412	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1413	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1414	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1415	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1416	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1417	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1418	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1419	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1420	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1421	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1422	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1423	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1424	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1425	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1426	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1427	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1428	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1429	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1430	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1431	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1432	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1433	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1434	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1435	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1436	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1437	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1438	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1439	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1440	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1441	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1442	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
1443	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
1444	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1445	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1446	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1447	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1448	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1449	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1450	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1451	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1452	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1453	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
1454	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1455	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1456	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1457	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1458	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1459	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1460	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1461	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1462	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1463	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1464	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1465	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
1466	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
1467	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
1468	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1469	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1470	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1471	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
1472	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1473	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1474	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1475	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1476	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1477	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1478	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1479	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1480	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1481	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'.
1482	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'.
1483	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'.
1484	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1485	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1486	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1487	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1488	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1489	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1490	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1491	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1492	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1493	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1494	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1495	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1496	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1497	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1498	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1499	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1500	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1501	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1502	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1503	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1504	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1505	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1506	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1507	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1508	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1509	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1510	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1511	1cf0.41c: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
1512	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
1513	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
1514	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1515	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1516	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1517	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
1518	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
1519	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1520	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1521	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1522	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1523	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1524	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1525	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1526	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1527	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1528	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1529	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1530	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1531	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1532	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1533	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1534	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1535	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1536	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1537	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1538	1cf0.41c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1539	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1540	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1541	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1542	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1543	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1544	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1545	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1546	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1547	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1548	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1549	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1550	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1551	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1552	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1553	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1554	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1555	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1556	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1557	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1558	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1559	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1560	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1561	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1562	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1563	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1564	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1565	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1566	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1567	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1568	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1569	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1570	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1571	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1572	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1573	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1574	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1575	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1576	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1577	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1578	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1579	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1580	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1581	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1582	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1583	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1584	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1585	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1586	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1587	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1588	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1589	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1590	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1591	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1592	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1593	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1594	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1595	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1596	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1597	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1598	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1599	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1600	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1601	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1602	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1603	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1604	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1605	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1606	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1607	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1608	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1609	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1610	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1611	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1612	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1613	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1614	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1615	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1616	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1617	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1618	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1619	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1620	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1621	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1622	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1623	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1624	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1625	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1626	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1627	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1628	1cf0.41c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
1629	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1630	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1631	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1632	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1633	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
1634	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
1635	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1636	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1637	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1638	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1639	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1640	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1641	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1642	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1643	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1644	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1645	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1646	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1647	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1648	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
1649	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1650	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1651	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1652	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1653	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1654	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1655	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1656	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1657	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1658	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1659	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1660	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1661	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1662	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1663	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1664	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1665	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1666	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1667	1cf0.41c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1668	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1669	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1670	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1671	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
1672	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1673	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1674	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1675	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1676	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1677	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1678	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1679	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1680	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1681	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1682	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1683	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1684	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1685	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1686	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1687	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1688	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1689	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1690	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1691	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1692	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1693	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1694	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1695	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1696	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1697	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1698	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1699	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1700	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1701	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1702	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1703	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1704	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1705	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1706	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
1707	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1708	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1709	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1710	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1711	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1712	1cf0.41c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1713	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1714	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
1715	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'shlwapi.dll'.
1716	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
1717	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'comctl32.dll'.
1718	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'shell32.dll'.
1719	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
1720	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1721	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1722	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1723	1cf0.41c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1724	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1725	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'.
1726	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'.
1727	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
1728	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1729	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1730	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1731	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1732	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1733	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1734	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1735	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1736	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1737	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1738	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1739	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1740	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1741	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1742	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1743	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1744	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1745	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1746	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1747	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
1748	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
1749	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'.
1750	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)
1751	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1752	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1753	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1754	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1755	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1756	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1757	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1758	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1759	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1760	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1761	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1762	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1763	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
1764	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1765	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1766	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1767	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1768	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1769	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1770	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1771	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1772	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
1773	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
1774	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1775	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1776	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1777	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1778	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1779	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1780	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1781	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1782	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1783	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1784	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1785	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1786	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1787	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1788	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1789	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1790	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1791	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1792	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1793	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1794	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1795	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1796	1cf0.41c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
1797	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1798	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1799	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1800	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1801	1cf0.41c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1802	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1803	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1804	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1805	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1806	1cf0.41c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1807	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1808	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1809	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1810	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1811	1cf0.41c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
1812	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1813	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1814	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1815	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1816	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1817	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1818	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1819	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1820	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1821	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
1822	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
1823	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F39C902102F30859FF82648A950427FCB81FB124
1824	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
1825	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
1826	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1827	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1828	1cf0.41c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1829	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1830	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1831	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1832	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1833	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1834	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1835	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1836	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1837	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1838	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1839	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1840	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1841	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1842	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1843	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1844	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.371_none_887d866e4ab76531\comctl32.dll)
1845	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.371_none_887d866e4ab76531\comctl32.dll
1846	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1847	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
1848	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5fa0000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
1849	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1850	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe6330000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
1851	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1852	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5fc0000 LB 0x00193000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
1853	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1854	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1855	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1856	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1857	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
1858	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
1859	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe71b0000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
1860	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1861	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe9300000 LB 0x0018f000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
1862	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbb4d40000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1863	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1864	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbb2210000 LB 0x0011e000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1865	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1866	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe7020000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
1867	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
1868	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1869	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe8f90000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
1870	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1871	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe7070000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
1872	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1873	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
1874	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
1875	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
1876	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1877	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe7150000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
1878	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1879	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5ef0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
1880	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1881	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1882	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
1883	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
1884	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5f50000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
1885	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1886	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
1887	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1888	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe68d0000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
1889	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1890	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1891	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
1892	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
1893	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
1894	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
1895	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe7b50000 LB 0x01436000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
1896	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1897	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe9860000 LB 0x00149000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
1898	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1899	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbd7620000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
1900	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1901	1cf0.41c: supR3HardenedDllNotificationCallback: load 0000000064050000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1902	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1903	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbb2330000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1904	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1905	1cf0.41c: supR3HardenedDllNotificationCallback: load 0000000063ae0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1906	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1907	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5510000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
1908	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
1909	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe0db0000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1910	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1911	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbde190000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.371_none_887d866e4ab76531\COMCTL32.dll [fFlags=0x0]
1912	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.371_none_887d866e4ab76531\comctl32.dll [avoiding WinVerifyTrust]
1913	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe9a60000 LB 0x0010a000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
1914	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
1915	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbb4d70000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1916	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1917	1cf0.41c: supR3HardenedDllNotificationCallback: load 0000000063a80000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1918	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1919	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe7760000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
1920	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1921	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe2f60000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1922	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1923	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe2f90000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1924	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1925	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbb2930000 LB 0x00a06000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1926	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1927	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
1928	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
1929	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
1930	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
1931	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
1932	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
1933	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
1934	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
1935	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
1936	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
1937	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1938	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1939	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.371_none_887d866e4ab76531\comctl32.dll'.
1940	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.371_none_887d866e4ab76531\comctl32.dll' [rescheduled]
1941	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1942	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
1943	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1944	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
1945	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'.
1946	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL' [rescheduled]
1947	1cf0.41c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1948	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
1949	1cf0.41c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1950	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
1951	1cf0.41c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1952	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1953	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1954	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1955	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1956	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1957	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1958	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1959	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1960	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1961	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1962	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1963	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1964	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
1965	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1966	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1967	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1968	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1969	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1970	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1971	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1972	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1973	1cf0.41c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1974	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1975	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1976	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1977	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1978	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1979	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1980	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1981	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1982	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1983	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1984	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1985	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1986	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1987	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1988	1cf0.41c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1989	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1990	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1991	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1992	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1993	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1994	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1995	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1996	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1997	1cf0.41c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1998	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1999	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2000	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2001	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2002	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
2003	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
2004	1cf0.41c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2005	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2006	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2007	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
2008	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
2009	1cf0.41c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
2010	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2011	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2012	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2013	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2014	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
2015	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
2016	1cf0.41c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2017	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2018	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2019	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2021	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe99b0000 'C:\WINDOWS\System32\kernel32.dll'
2022	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
2023	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2024	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe65e0000 'api-ms-win-core-string-l1-1-0'
2025	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
2026	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2027	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe65e0000 'api-ms-win-core-datetime-l1-1-1'
2028	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
2029	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2030	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe65e0000 'api-ms-win-core-localization-obsolete-l1-2-0'
2031	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
2032	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
2033	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
2034	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
2035	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2036	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2037	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2038	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
2039	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
2040	1cf0.41c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
2041	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2042	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2043	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2044	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe7120000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
2045	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
2046	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7120000 'C:\WINDOWS\system32\IMM32.DLL'
2047	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
2048	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
2049	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
2050	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
2051	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
2052	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2053	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7120000 'C:\WINDOWS\System32\imm32.dll'
2054	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2055	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2056	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7630000 'C:\WINDOWS\System32\ADVAPI32.DLL'
2057	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb2930000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2058	1cf0.41c: SUPR3HardenedMain: Calling TrustedMain (00007ffbb29314f0)...
2059	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2060	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2061	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2062	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2063	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2064	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2065	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2066	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2067	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2068	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2069	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2070	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2071	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2072	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2073	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2074	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2075	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2076	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2077	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2078	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2079	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2080	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2081	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2082	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2083	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2084	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2085	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2086	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2087	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2088	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2089	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2090	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2091	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2092	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2093	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2094	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2095	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
2096	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2097	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2098	1cf0.41c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
2099	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2100	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2101	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2102	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2103	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2104	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2105	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2106	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2107	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
2108	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2109	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2110	1cf0.41c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
2111	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2112	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2113	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbbcf20000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2114	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2115	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbcf20000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2116	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000658 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2117	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
2118	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
2119	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB199956403E78CE61C981F6BA97CA632BE55AC
2120	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2121	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2122	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2123	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2124	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2125	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
2126	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
2127	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
2128	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2129	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2130	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2131	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2132	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2133	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2134	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2135	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2136	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2137	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2138	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe4520000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
2139	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2140	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4520000 'C:\WINDOWS\system32\uxtheme.dll'
2141	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9300000 'C:\WINDOWS\system32\user32.dll'
2142	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2143	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2144	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7b50000 'C:\WINDOWS\system32\shell32.dll'
2145	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
2146	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2147	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2148	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
2149	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2150	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7070000 'C:\WINDOWS\system32\SHCore.dll'
2151	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
2152	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
2153	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2154	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
2155	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
2156	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
2157	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
2158	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2159	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe4790000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
2160	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
2161	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2162	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2163	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2164	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2165	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2166	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2167	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2168	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2169	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2170	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2171	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2172	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
2173	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2174	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2175	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\system32\winmm.dll'
2176	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2177	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2178	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\system32\winmm.dll'
2179	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2180	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2181	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7b50000 'C:\WINDOWS\system32\shell32.dll'
2182	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2183	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2184	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4520000 'C:\WINDOWS\system32\uxtheme.dll'
2185	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2186	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2187	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7630000 'C:\WINDOWS\system32\advapi32.dll'
2188	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2189	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2190	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2191	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'profapi.dll'.
2192	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
2193	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
2194	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2195	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2196	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2197	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2198	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2199	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2200	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2201	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5e20000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
2202	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2203	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5e20000 'C:\WINDOWS\system32\userenv.dll'
2204	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2205	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2206	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe99b0000 'C:\WINDOWS\System32\kernel32.dll'
2207	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe7ab0000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
2208	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2209	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
2210	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
2211	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2212	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2213	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2214	1cf0.28b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2215	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2216	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2217	1cf0.28b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2218	1cf0.28b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2219	1cf0.28b0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2220	1cf0.28b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2221	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2222	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2223	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2224	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2225	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2226	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2227	1cf0.28b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2228	1cf0.28b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2229	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2230	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2231	1cf0.28b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2232	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2233	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2234	1cf0.28b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2235	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2236	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2237	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2238	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2239	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2240	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2241	1cf0.28b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2242	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2243	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2244	1cf0.28b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2245	1cf0.28b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2246	1cf0.28b0: supR3HardenedDllNotificationCallback: load 00007ffbbc700000 LB 0x00545000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2247	1cf0.28b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2248	1cf0.28b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbc700000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2249	1cf0.28b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2250	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2251	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2252	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2253	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2254	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2255	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2256	1cf0.28b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2257	1cf0.28b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2258	1cf0.28b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2259	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2260	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2261	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2262	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2263	1cf0.28b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2264	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2265	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2266	1cf0.28b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2267	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2268	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2269	1cf0.28b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
2270	1cf0.28b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2271	1cf0.28b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2272	1cf0.28b0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
2273	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2274	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2275	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2276	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2277	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2278	1cf0.28b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2279	1cf0.28b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2280	1cf0.28b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2281	1cf0.28b0: supR3HardenedDllNotificationCallback: load 00007ffbbcc50000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2282	1cf0.28b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2283	1cf0.28b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbcc50000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2284	1cf0.28b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2285	1cf0.28b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2286	1cf0.28b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7760000 'C:\Windows\System32\oleaut32.dll'
2287	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2288	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2289	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe71b0000 'C:\WINDOWS\system32\gdi32.dll'
2290	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2291	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2292	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7b50000 'C:\WINDOWS\system32\shell32.dll'
2293	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe9490000 LB 0x00167000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
2294	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2295	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
2296	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
2297	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
2298	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
2299	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
2300	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2301	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2302	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2303	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2304	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2305	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2306	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2307	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2308	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2309	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2310	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2311	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2312	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2313	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2314	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2315	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
2316	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a30 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2317	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
2318	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
2319	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87FA668FC207CB724FFDD342C6B5B8D273E3498D
2320	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2321	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2322	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
2323	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2324	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2325	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
2326	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'.
2327	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'd3d11.dll'.
2328	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'dcomp.dll'.
2329	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
2330	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2331	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
2332	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
2333	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2334	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2335	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2336	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2337	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
2338	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2339	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2340	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2341	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2342	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2343	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2344	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2345	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2346	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2347	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2348	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2349	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
2350	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
2351	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
2352	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2353	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2354	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2355	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
2356	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2357	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2358	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2359	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2360	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2361	1cf0.41c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
2362	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2363	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
2364	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
2365	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
2366	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2367	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2368	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2369	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2370	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2371	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2372	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2373	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2374	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2375	1cf0.41c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
2376	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2377	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2378	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2379	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2380	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2381	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2382	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2383	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2384	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2385	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2386	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe4d50000 LB 0x000af000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
2387	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2388	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe30b0000 LB 0x002e2000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
2389	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2390	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe3e70000 LB 0x00142000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
2391	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2392	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbca0d0000 LB 0x0004f000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
2393	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2394	1cf0.41c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
2395	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rescheduled]
2396	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe71b0000 'C:\WINDOWS\System32\gdi32.dll'
2397	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbca0d0000 'C:\WINDOWS\system32\dataexchange.dll'
2398	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2399	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
2400	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2401	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcrypt.dll'.
2402	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
2403	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
2404	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
2405	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2406	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2407	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rmclient.dll)
2408	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rmclient.dll
2409	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe4880000 LB 0x00020000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
2410	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
2411	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe4910000 LB 0x0017b000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
2412	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2413	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2414	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2415	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2416	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2417	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2418	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2419	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2420	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2421	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2422	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2423	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2424	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2425	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
2426	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume2\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
2427	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
2428	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2429	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2430	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2431	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2432	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rmclient.dll'
2433	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2434	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2435	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
2436	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2437	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2438	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9490000 'C:\WINDOWS\System32\MSCTF.dll'
2439	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2440	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2441	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9860000 'C:\WINDOWS\System32\ole32.dll'
2442	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2443	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2444	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7760000 'C:\WINDOWS\System32\OLEAUT32.dll'
2445	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2446	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
2447	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
2448	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE2733DC030E44DCE443886E467FF179D2D68A91
2449	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2450	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2451	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2452	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2453	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2454	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2455	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2456	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2457	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2458	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2459	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2460	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2461	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2462	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2463	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
2464	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
2465	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA3F9D85214DB0270185C719B931C69440BA9C18
2466	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2467	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2468	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2469	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2470	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2471	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
2472	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
2473	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2474	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2475	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2476	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2477	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2478	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2479	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2480	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2481	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2482	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2483	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2484	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2485	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2486	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2487	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2488	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2489	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2490	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2491	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbdbc40000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2492	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2493	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbdbcd0000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2494	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2495	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2496	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2497	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe65e0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2498	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdbcd0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2499	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2500	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
2501	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
2502	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C70145BD7347C12AB1BF3946D40606389C4D331
2503	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2504	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2505	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2506	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2507	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2508	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2509	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2510	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2511	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2512	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2513	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2514	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2515	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2516	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2517	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbdb930000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2518	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2519	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdb930000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2520	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
2521	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2522	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe65e0000 'api-ms-win-core-localization-l1-2-0.dll'
2523	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
2524	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2525	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe65e0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2526	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b14 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2527	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
2528	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
2529	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=336CDD3C969CEFC6CE8D502298ED123FE8D2F483
2530	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2531	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2532	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2533	1cf0.41c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2534	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2535	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
2536	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2537	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2538	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2539	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2540	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2541	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2542	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2543	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2544	1cf0.41c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2545	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbdb950000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2546	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2547	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdb950000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2548	1cf0.16b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2549	1cf0.16b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2550	1cf0.16b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2551	1cf0.16b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2552	1cf0.16b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2553	1cf0.16b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2554	1cf0.16b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2555	1cf0.16b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2556	1cf0.16b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2557	1cf0.16b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2558	1cf0.16b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2559	1cf0.16b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2560	1cf0.16b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2561	1cf0.16b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2562	1cf0.16b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2563	1cf0.16b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2564	1cf0.16b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2565	1cf0.16b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2566	1cf0.16b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2567	1cf0.16b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2568	1cf0.16b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2569	1cf0.16b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2570	1cf0.16b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2571	1cf0.16b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2572	1cf0.16b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2573	1cf0.16b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2574	1cf0.16b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2575	1cf0.16b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2576	1cf0.16b4: supR3HardenedDllNotificationCallback: load 00000000634f0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2577	1cf0.16b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2578	1cf0.16b4: supR3HardenedDllNotificationCallback: load 00007ffbb04a0000 LB 0x002c9000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2579	1cf0.16b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2580	1cf0.16b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb04a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2581	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2582	1cf0.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2583	1cf0.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2584	1cf0.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2585	1cf0.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2586	1cf0.d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2587	1cf0.d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2588	1cf0.d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2589	1cf0.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2590	1cf0.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2591	1cf0.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2592	1cf0.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2593	1cf0.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2594	1cf0.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2595	1cf0.d04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2596	1cf0.d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2597	1cf0.d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2598	1cf0.d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2599	1cf0.d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2600	1cf0.d04: supR3HardenedDllNotificationCallback: load 00007ffbe2330000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2601	1cf0.d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2602	1cf0.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2330000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2603	1cf0.d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9300000 'C:\WINDOWS\system32\User32.dll'
2604	1cf0.2fbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2605	1cf0.2fbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2606	1cf0.2fbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2607	1cf0.2fbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2608	1cf0.2fbc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2609	1cf0.2fbc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2610	1cf0.2fbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2611	1cf0.2fbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2612	1cf0.2fbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2613	1cf0.2fbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2614	1cf0.2fbc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2615	1cf0.2fbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2616	1cf0.2fbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2617	1cf0.2fbc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2618	1cf0.2fbc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2619	1cf0.2fbc: supR3HardenedDllNotificationCallback: load 00007ffbde6f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2620	1cf0.2fbc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2621	1cf0.2fbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde6f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2622	1cf0.23e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2623	1cf0.23e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2624	1cf0.23e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2625	1cf0.23e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2626	1cf0.23e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2627	1cf0.23e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2628	1cf0.23e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2629	1cf0.23e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2630	1cf0.23e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2631	1cf0.23e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2632	1cf0.23e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2633	1cf0.23e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2634	1cf0.23e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2635	1cf0.23e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2636	1cf0.23e0: supR3HardenedDllNotificationCallback: load 00007ffbde600000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2637	1cf0.23e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2638	1cf0.23e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde600000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2639	1cf0.600: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2640	1cf0.600: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2641	1cf0.600: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2642	1cf0.600: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2643	1cf0.600: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2644	1cf0.600: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2645	1cf0.600: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2646	1cf0.600: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2647	1cf0.600: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2648	1cf0.600: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2649	1cf0.600: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2650	1cf0.600: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2651	1cf0.600: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2652	1cf0.600: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2653	1cf0.600: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2654	1cf0.600: supR3HardenedDllNotificationCallback: load 00007ffbde5f0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2655	1cf0.600: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2656	1cf0.600: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde5f0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2657	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7b50000 'C:\WINDOWS\system32\Shell32.dll'
2658	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2659	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2660	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2661	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2662	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2663	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2664	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2665	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2666	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2667	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2668	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2669	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2670	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2671	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2672	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2673	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2674	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL [redoing WinVerifyTrust]
2675	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2676	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2677	1cf0.21fc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2678	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2679	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2680	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2681	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2682	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2683	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2684	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2685	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2686	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2687	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2688	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2689	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
2690	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
2691	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
2692	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2693	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2694	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2695	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2696	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2697	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2698	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2699	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
2700	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2701	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2702	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2703	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2704	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2705	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2706	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2707	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2708	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2709	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2710	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2711	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2712	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2713	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2714	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2715	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2716	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2717	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2718	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2719	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2720	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2721	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2722	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2723	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2724	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2725	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2726	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2727	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2728	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2729	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2730	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2731	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2732	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2733	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2734	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2735	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2736	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2737	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2738	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2739	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2740	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2741	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2742	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2743	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2744	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2745	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbe71e0000 LB 0x0044e000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
2746	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2747	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbbceb0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2748	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2749	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbbecc0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2750	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2751	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffba5770000 LB 0x009c3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2752	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2753	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba5770000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2754	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2755	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2756	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2757	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbc700000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2758	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2759	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2760	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2761	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbecc0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2762	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2763	1cf0.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2764	1cf0.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2765	1cf0.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2766	1cf0.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2767	1cf0.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2768	1cf0.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2769	1cf0.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2770	1cf0.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2771	1cf0.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2772	1cf0.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2773	1cf0.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2774	1cf0.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2775	1cf0.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2776	1cf0.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2777	1cf0.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2778	1cf0.2818: supR3HardenedDllNotificationCallback: load 00007ffbdd990000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2779	1cf0.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2780	1cf0.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd990000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2781	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2782	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2783	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5510000 'C:\WINDOWS\system32\Iphlpapi.dll'
2784	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2785	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2786	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
2787	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2788	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbe96a0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2789	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
2790	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2791	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbe0c00000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2792	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2793	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2794	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
2795	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2796	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbdfb00000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
2797	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
2798	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2799	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2800	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
2801	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
2802	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2803	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbe0bc0000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
2804	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
2805	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db0 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2806	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
2807	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
2808	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0979042666D2FF6A450082A737154F788178270
2809	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2810	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2811	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2812	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2813	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2814	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2815	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2816	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2817	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2818	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2819	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2820	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2821	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2822	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2823	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2824	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2825	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2826	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
2827	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2828	1cf0.21fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
2829	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f50 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2830	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
2831	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
2832	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=839F90BCFF138802B805D9F6439239CC98023804
2833	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2834	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2835	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
2836	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2837	1cf0.21fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
2838	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2839	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2840	1cf0.21fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
2841	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2842	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2843	1cf0.21fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2844	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2845	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2846	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2847	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2848	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'devobj.dll'.
2849	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'propsys.dll'.
2850	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2851	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2852	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2853	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2854	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2855	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2856	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2857	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
2858	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
2859	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
2860	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2861	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2862	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2863	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2864	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2865	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2866	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2867	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2868	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2869	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2870	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2871	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2872	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2873	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2874	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2875	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'cfgmgr32.dll'.
2876	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
2877	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
2878	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2879	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2880	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2881	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2882	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2883	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2884	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
2885	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2886	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2887	1cf0.21fc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
2888	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2889	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2890	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
2891	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2892	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbe5d00000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
2893	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
2894	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbe2d10000 LB 0x001b1000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
2895	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2896	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbdce30000 LB 0x0006f000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
2897	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2898	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdce30000 'C:\WINDOWS\System32\MMDevApi.dll'
2899	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e3c pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
2900	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
2901	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
2902	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=149E0A5A40CD1471B9EF3D3043A8C754805FEC76
2903	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2904	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2905	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
2906	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2907	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2908	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
2909	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
2910	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
2911	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2912	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2913	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2914	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2915	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2916	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2917	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2918	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbb0770000 LB 0x0008f000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
2919	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2920	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2921	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2922	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb0770000 'C:\WINDOWS\System32\dsound.dll'
2923	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb0770000 'C:\WINDOWS\System32\dsound.dll'
2924	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2925	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2926	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb0770000 'C:\WINDOWS\system32\dsound.dll'
2927	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2928	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2929	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdce30000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
2930	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2931	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2932	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
2933	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001018 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2934	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
2935	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
2936	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47392EB8EC6AC07C788B971D8BB592B6FD619920
2937	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2938	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2939	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
2940	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2941	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2942	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
2943	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
2944	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
2945	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
2946	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2947	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
2948	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
2949	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2950	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2951	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
2952	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
2953	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
2954	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
2955	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2956	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2957	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2958	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
2959	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2960	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2961	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2962	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2963	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2964	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2965	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2966	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2967	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2968	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2969	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2970	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2971	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbdc290000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
2972	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2973	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbe2660000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
2974	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2975	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbc1d60000 LB 0x00042000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
2976	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2977	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
2978	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2979	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2980	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
2981	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2982	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2983	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
2984	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2985	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2986	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
2987	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2988	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
2989	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
2990	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
2991	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
2992	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2993	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
2994	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
2995	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
2996	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
2997	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
2998	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2999	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3000	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3001	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3002	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3003	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3004	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3005	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3006	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3007	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3008	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3009	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3010	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3011	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
3012	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
3013	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
3014	1cf0.21fc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
3015	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3016	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3017	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
3018	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
3019	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcryptprimitives.dll'.
3020	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
3021	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
3022	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbe1d00000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
3023	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
3024	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbc15e0000 LB 0x00122000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
3025	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3026	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc15e0000 'C:\WINDOWS\System32\AUDIOSES.DLL'
3027	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
3028	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
3029	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
3030	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3031	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3032	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3033	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3034	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
3035	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
3036	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
3037	1cf0.21fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
3038	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3039	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3040	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3041	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3042	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3043	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3044	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3045	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3046	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3047	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3048	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3049	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3050	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3051	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3052	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3053	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3054	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3055	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3056	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3057	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3058	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3059	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3060	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3061	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc1d60000 'C:\WINDOWS\System32\wdmaud.drv'
3062	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d9c pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
3063	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
3064	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
3065	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8069FA07F8A743E03BD7E2DA392DE4429701D8E6
3066	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
3067	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
3068	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
3069	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3070	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3071	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
3072	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
3073	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
3074	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
3075	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3076	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
3077	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
3078	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
3079	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
3080	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
3081	1cf0.21fc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
3082	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3083	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3084	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
3085	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
3086	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3087	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
3088	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3089	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3090	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3091	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3092	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3093	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3094	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3095	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3096	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3097	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3098	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3099	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbc2db0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
3100	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3101	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbdc280000 LB 0x0000c000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
3102	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3103	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdc280000 'C:\WINDOWS\System32\msacm32.drv'
3104	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3105	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3106	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdc280000 'C:\WINDOWS\System32\msacm32.drv'
3107	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3108	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3109	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdc280000 'C:\WINDOWS\System32\msacm32.drv'
3110	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3111	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3112	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdc280000 'C:\WINDOWS\System32\msacm32.drv'
3113	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3114	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3115	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdc280000 'C:\WINDOWS\System32\msacm32.drv'
3116	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3117	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3118	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdc280000 'C:\WINDOWS\System32\msacm32.drv'
3119	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3120	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3121	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdc280000 'C:\WINDOWS\System32\msacm32.drv'
3122	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdc280000 'C:\WINDOWS\System32\msacm32.drv'
3123	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdc280000 'C:\WINDOWS\System32\msacm32.drv'
3124	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdc280000 'C:\WINDOWS\System32\msacm32.drv'
3125	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001048 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
3126	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
3127	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
3128	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=725292B88FCE45C617EE0258A333B14CA2D7EF04
3129	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
3130	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
3131	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
3132	1cf0.21fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3133	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3134	1cf0.21fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
3135	1cf0.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
3136	1cf0.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
3137	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3138	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3139	1cf0.21fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3140	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3141	1cf0.21fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3142	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3143	1cf0.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3144	1cf0.21fc: supR3HardenedDllNotificationCallback: load 00007ffbcce50000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
3145	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3146	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcce50000 'C:\WINDOWS\System32\midimap.dll'
3147	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3148	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3149	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcce50000 'C:\WINDOWS\System32\midimap.dll'
3150	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3151	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3152	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcce50000 'C:\WINDOWS\System32\midimap.dll'
3153	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3154	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3155	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcce50000 'C:\WINDOWS\System32\midimap.dll'
3156	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3157	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3158	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3159	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3160	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3161	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3162	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3163	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3164	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3165	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3166	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3167	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3168	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3169	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3170	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3171	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3172	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3173	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3174	1cf0.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3175	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3176	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb0770000 'C:\WINDOWS\system32\dsound.dll'
3177	1cf0.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2f90000 'C:\WINDOWS\System32\winmm.dll'
3178	1cf0.cf4: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
3179	1cf0.cf4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
3180	1cf0.cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
3181	1cf0.cf4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000012a0 (hFile=0000000000001298) with 0xc0000022 -> STATUS_TRUST_FAILURE
3182	1cf0.cf4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
3183	1cf0.cf4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001298 (hFile=00000000000012a0) with 0xc0000022 -> STATUS_TRUST_FAILURE
3184	1cf0.cf4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000129c pwszName=\Device\HarddiskVolume2\Windows\System32\tzres.dll
3185	1cf0.cf4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002d2b930
3186	1cf0.cf4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002d2b930
3187	1cf0.cf4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCD6851397609F5A60EB791379F579F266921FA4
3188	1cf0.cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
3189	1cf0.cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
3190	1cf0.cf4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_638_for_KB4093112~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\tzres.dll'
3191	1cf0.cf4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3192	1cf0.cf4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll'
3193	1cf0.cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
3194	1cf0.cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
3195	1cf0.cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
3196	1cf0.cf4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
3197	1cf0.cf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
3198	1cf0.cf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
3199	1cf0.cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3200	1cf0.cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3201	1cf0.cf4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3202	1cf0.cf4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3203	1cf0.cf4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
3204	1cf0.cf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3205	1cf0.cf4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
3206	1cf0.cf4: supR3HardenedDllNotificationCallback: load 00007ffbe5780000 LB 0x00066000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
3207	1cf0.cf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
3208	1cf0.cf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5780000 'C:\WINDOWS\system32\mswsock.dll'
3209	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3210	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'coreuicomponents.dll'.
3211	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'coremessaging.dll'.
3212	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
3213	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
3214	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3215	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
3216	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
3217	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
3218	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
3219	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3220	1cf0.41c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
3221	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
3222	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
3223	1cf0.41c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
3224	1cf0.41c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
3225	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe5020000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
3226	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
3227	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe33a0000 LB 0x000dc000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
3228	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
3229	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbe1fd0000 LB 0x002ee000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
3230	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
3231	1cf0.41c: supR3HardenedDllNotificationCallback: load 00007ffbd9dd0000 LB 0x00098000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
3232	1cf0.41c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
3233	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3234	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3235	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3236	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3237	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
3238	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
3239	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
3240	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
3241	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
3242	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
3243	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3244	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3245	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
3246	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
3247	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
3248	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
3249	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
3250	1cf0.41c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
3251	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3252	1cf0.41c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3253	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
3254	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6580000 'C:\Windows\System32\WINTRUST.DLL'
3255	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\CRYPT32.dll'
3256	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
3257	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
3258	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
3259	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
3260	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
3261	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
3262	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
3263	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
3264	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5380000 'C:\WINDOWS\system32\rsaenh.dll'
3265	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6160000 'C:\WINDOWS\System32\crypt32.dll'
3266	1cf0.41c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
3267	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7760000 'C:\WINDOWS\System32\OLEAUT32.DLL'
3268	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
3269	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3270	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9300000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
3271	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
3272	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3273	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9300000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
3274	1cf0.41c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
3275	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3276	1cf0.41c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe8f90000 'api-ms-win-core-com-l1-1-0.dll'
3277	1cf0.2818: supR3HardenedDllNotificationCallback: Unload 00007ffbdd990000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
3278	1cf0.600: supR3HardenedDllNotificationCallback: Unload 00007ffbde5f0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
3279	1cf0.23e0: supR3HardenedDllNotificationCallback: Unload 00007ffbde600000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
3280	1cf0.2fbc: supR3HardenedDllNotificationCallback: Unload 00007ffbde6f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
3281	1cf0.d04: supR3HardenedDllNotificationCallback: Unload 00007ffbe2330000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
3282	1cf0.21fc: supR3HardenedDllNotificationCallback: Unload 00007ffba5770000 LB 0x009c3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
3283	1cf0.21fc: supR3HardenedDllNotificationCallback: Unload 00007ffbbceb0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
3284	1cf0.21fc: supR3HardenedDllNotificationCallback: Unload 00007ffbbecc0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
3285	1cf0.21fc: supR3HardenedDllNotificationCallback: Unload 00007ffbe71e0000 LB 0x0044e000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
3286	1cf0.41c: supR3HardenedDllNotificationCallback: Unload 00007ffbdb930000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
3287	1cf0.41c: supR3HardenedDllNotificationCallback: Unload 00007ffbca0d0000 LB 0x0004f000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
3288	1cf0.41c: supR3HardenedDllNotificationCallback: Unload 00007ffbe30b0000 LB 0x002e2000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
3289	1cf0.41c: supR3HardenedDllNotificationCallback: Unload 00007ffbe4d50000 LB 0x000af000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
3290	1cf0.41c: supR3HardenedDllNotificationCallback: Unload 00007ffbe3e70000 LB 0x00142000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
3291	1cf0.41c: supR3HardenedDllNotificationCallback: Unload 00007ffbe4910000 LB 0x0017b000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
3292	1cf0.41c: supR3HardenedDllNotificationCallback: Unload 00007ffbe4880000 LB 0x00020000 C:\WINDOWS\system32\RMCLIENT.dll [flags=0x0]
3293	1cf0.41c: supR3HardenedDllNotificationCallback: Unload 00007ffbdb950000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
3294	1cf0.41c: supR3HardenedDllNotificationCallback: Unload 00007ffbbcc50000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
3295	1cf0.41c: supR3HardenedDllNotificationCallback: Unload 00007ffbdbcd0000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
3296	1cf0.41c: supR3HardenedDllNotificationCallback: Unload 00007ffbdbc40000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
3297	1cf0.41c: supR3HardenedDllNotificationCallback: Unload 00007ffbbc700000 LB 0x00545000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
3298	1cf0.41c: Terminating the normal way: rcExit=0
3299	14c.1da8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 4500033 ms, the end);
3300	798.f6c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 4500702 ms, the end);

Download in other formats:

Original Format